Lucene search
K

7 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-5401

Malicious code in bioql PyPI...

9.8CVSS9.3AI score0.01462EPSS
Exploits0References5
Contao
Contao
added 2024/09/17 12:0 a.m.23 views

Directory traversal in the FileSelector widget

Date : 2024-09-17 CVE ID : CVE-2024-45604 Description Back end users can list files outside their file mounts or the document root in the FileSelector widget. However, it is not possible to edit these files or view their content. Affected versions Contao 4.0 Contao 4.1 Contao 4.2 Contao 4.3 Conta...

4.3CVSS4.4AI score0.00427EPSS
Exploits0Affected Software1
Contao
Contao
added 2021/08/11 12:0 a.m.23 views

Privilege escalation with the form generator

Date : 2021-08-11 CVE ID : CVE-2021-37627 Description It is possible for untrusted users to gain administrator rights with the form generator. Installations are only affected if there are untrusted back end users with access to the form generator. Affected versions Contao 4.0 Contao 4.1 Contao 4....

8CVSS7.3AI score0.01023EPSS
Exploits0Affected Software1
NVD
NVD
added 2019/07/09 9:15 p.m.45 views

CVE-2019-11512

Contao 4.x allows SQL Injection. Fixed in Contao 4.4.39 and Contao 4.7.5...

9.8CVSS9.7AI score0.01462EPSS
Exploits0References1
Prion
Prion
added 2019/07/09 9:15 p.m.13 views

Sql injection

Contao 4.x allows SQL Injection. Fixed in Contao 4.4.39 and Contao 4.7.5...

7.5CVSS9.7AI score0.01462EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2019/07/09 8:33 p.m.146 views

CVE-2019-11512

CVE-2019-11512 describes an SQL injection in Contao 4.x, exploitable via the file manager. Affected versions span Contao 4.1 through 4.7.4, with exposure up to 4.4.38. The issue is fixed in Contao 4.4.39 and 4.7.5 (as confirmed by multiple sources). Red Hat notes the same fixed versions; other ad...

9.8CVSS9.6AI score0.01462EPSS
Exploits0References1Affected Software1
Contao
Contao
added 2019/04/30 12:0 a.m.100 views

SQL injection in the file manager

Date : 2019-04-30 CVE ID : CVE-2019-11512 Description David Wind, penetration tester with A1 Digital, has discovered that the SQL injection vulnerability originally published under CVE-2017-16558 can still be exploited in the file manager in Contao 4. The security vulnerability has the identifier...

9.8CVSS9.6AI score0.01462EPSS
Exploits0Affected Software1
Rows per page
Query Builder