5 matches found
Contao CSRF Token Bypass
Security researcher Ali Razzaq has discovered that the request token check can be bypassed in Contao 4.7...
GHSA-HWMH-9JJ9-8C9C Contao CSRF Token Bypass
Security researcher Ali Razzaq has discovered that the request token check can be bypassed in Contao 4.7...
GHSA-J99G-QJVX-995G Contao Does Not Expire Tokens Correctly
Security researcher Ali Razzaq has discovered that confirming an opt-in token does not invalidate previous opt-in tokens in Contao 4.7...
Session invalidation upon password changes
Date : 2019-04-09 CVE ID : CVE-2019-10641 Description Security researcher Ali Razzaq has discovered that existing sessions are not correctly invalidated when a user changes their password in the back end or front end. Affected versions Contao 3. up to 3.5.38 Contao 4.0 Contao 4.1 Contao 4.2 Conta...
Invalidating opt-in tokens
Date : 2019-04-09 CVEID : CVE-2019-10643 Description Security researcher Ali Razzaq has discovered that confirming an opt-in token does not invalidate previous opt-in tokens in Contao 4.7. Affected versions Contao 4.7 up to 4.7.2 Suggested solution Update to Contao 4.7.3...