7 matches found
EUVD-2022-5401
Malicious code in bioql PyPI...
Directory traversal in the FileSelector widget
Date : 2024-09-17 CVE ID : CVE-2024-45604 Description Back end users can list files outside their file mounts or the document root in the FileSelector widget. However, it is not possible to edit these files or view their content. Affected versions Contao 4.0 Contao 4.1 Contao 4.2 Contao 4.3 Conta...
Privilege escalation with the form generator
Date : 2021-08-11 CVE ID : CVE-2021-37627 Description It is possible for untrusted users to gain administrator rights with the form generator. Installations are only affected if there are untrusted back end users with access to the form generator. Affected versions Contao 4.0 Contao 4.1 Contao 4....
CVE-2019-11512
Contao 4.x allows SQL Injection. Fixed in Contao 4.4.39 and Contao 4.7.5...
Sql injection
Contao 4.x allows SQL Injection. Fixed in Contao 4.4.39 and Contao 4.7.5...
CVE-2019-11512
CVE-2019-11512 describes an SQL injection in Contao 4.x, exploitable via the file manager. Affected versions span Contao 4.1 through 4.7.4, with exposure up to 4.4.38. The issue is fixed in Contao 4.4.39 and 4.7.5 (as confirmed by multiple sources). Red Hat notes the same fixed versions; other ad...
SQL injection in the file manager
Date : 2019-04-30 CVE ID : CVE-2019-11512 Description David Wind, penetration tester with A1 Digital, has discovered that the SQL injection vulnerability originally published under CVE-2017-16558 can still be exploited in the file manager in Contao 4. The security vulnerability has the identifier...