2 matches found
Privilege escalation via form generator
Impact It is possible for untrusted users to gain administrator rights with the form generator. Installations are only affected if there are untrusted back end users with access to the form generator. Patches Update to Contao 4.4.56, 4.9.18 or 4.11.7. Workarounds Disable the form generator or...
PHP file inclusion via insert tags
Impact It is possible for untrusted users to load arbitrary PHP files via insert tags. Installations are only affected if there are untrusted back end users. Patches Update to Contao 4.4.56, 4.9.18 or 4.11.7. Workarounds Disable the login for untrusted back end users. References...