Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 8:25 a.m.5 views

CVE-2019-19745

Contao 4.0 through 4.8.5 allows PHP local file inclusion. A back end user with access to the form generator can upload arbitrary files and execute them on the server...

8.8CVSS7.1AI score0.01108EPSS
Exploits0References1
Contao
Contao
added 2023/04/25 12:0 a.m.21 views

Directory traversal in the file manager

Date : 2023-04-25 CVE ID : CVE-2023-29200 Authenticated users in the back end can list files outside the document root in the file manager. However, it is not possible to read the contents of these files. Thanks to Daniel Barros for reporting the problem. Affected versions Contao 4.0 Contao 4.1...

6.5CVSS5.1AI score0.00797EPSS
Exploits0Affected Software1
Contao
Contao
added 2021/08/11 12:0 a.m.37 views

Cross site scripting via HTML attributes in the back end

Date : 2021-08-11 CVE ID : CVE-2021-35955 Description It is possible for untrusted users to inject malicious code into HTML attributes in the back end, which will be executed both in the element preview back end and on the website front end. Installations are only affected if there are untrusted...

4.8CVSS4.9AI score0.00557EPSS
Exploits0Affected Software1
Contao
Contao
added 2021/08/11 12:0 a.m.22 views

PHP file inclusion via insert tags

Date : 2021-08-11 CVE ID : CVE-2021-37626 Description It is possible for untrusted users to load arbitrary PHP files via insert tags. Installations are only affected if there are untrusted back end users. Affected versions Contao 4.0 Contao 4.1 Contao 4.2 Contao 4.3 Contao 4.4 up to 4.4.55 Contao...

7.2CVSS6.9AI score0.01254EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2019/12/17 1:59 p.m.33 views

CVE-2019-19712

Contao 4.0 through 4.8.5 has Insecure Permissions. Back end users can manipulate the details view URL to show pages and articles that have not been enabled for them...

5.2AI score0.0088EPSS
Exploits0References2
Contao
Contao
added 2019/12/17 12:0 a.m.30 views

Information disclosure in the back end

Date : 2019-12-17 CVE ID : CVE-2019-19712 Description Back end users can manipulate the details view URL to show pages and articles that have not been enabled for them. Affected versions Contao 4.0 Contao 4.1 Contao 4.2 Contao 4.3 Contao 4.4 up to 4.4.45 Contao 4.5 Contao 4.6 Contao 4.7 Contao 4....

5.3CVSS5AI score0.0088EPSS
Exploits0Affected Software1
Rows per page
Query Builder