5 matches found
GHSA-HWMH-9JJ9-8C9C Contao CSRF Token Bypass
Security researcher Ali Razzaq has discovered that the request token check can be bypassed in Contao 4.7...
Contao CSRF Token Bypass
Security researcher Ali Razzaq has discovered that the request token check can be bypassed in Contao 4.7...
GHSA-J99G-QJVX-995G Contao Does Not Expire Tokens Correctly
Security researcher Ali Razzaq has discovered that confirming an opt-in token does not invalidate previous opt-in tokens in Contao 4.7...
Session invalidation upon password changes
Date : 2019-04-09 CVE ID : CVE-2019-10641 Description Security researcher Ali Razzaq has discovered that existing sessions are not correctly invalidated when a user changes their password in the back end or front end. Affected versions Contao 3. up to 3.5.38 Contao 4.0 Contao 4.1 Contao 4.2 Conta...
Invalidating opt-in tokens
Date : 2019-04-09 CVEID : CVE-2019-10643 Description Security researcher Ali Razzaq has discovered that confirming an opt-in token does not invalidate previous opt-in tokens in Contao 4.7. Affected versions Contao 4.7 up to 4.7.2 Suggested solution Update to Contao 4.7.3...