4 matches found
CVE-2019-10642
Contao 4.7 allows CSRF...
CVE-2019-10642
Contao 4.7 is affected by a CSRF token check bypass (CSRF vulnerability). Multiple connected advisories (GHSA-HWMH-9JJ9-8C9C, OSV/GHSA-...) describe that the request token verification can be bypassed, enabling unauthorized actions within Contao 4.7. The CVE entry CVE-2019-10642 explicitly states...
The CSRF token check can be bypassed
More info at https://contao.org/en/news/security-vulnerability-cve-2019-10642.html...
Bypassing the request token check
Date : 2019-04-09 CVE ID : CVE-2019-10642 Description Security researcher Ali Razzaq has discovered that the request token check can be bypassed in Contao 4.7 Affected versions Contao 4.7 up to 4.7.2 Suggested solution Update to Contao 4.7.3...