2 matches found
CVE-2019-19745
Contao 4.x (4.0–4.8.5) is affected by an unrestricted file upload flaw that enables a back-end user with access to the form generator to upload arbitrary files and execute them on the server due to PHP local file inclusion. The vulnerability is documented across multiple sources (e.g., RH/CVE-201...
Unrestricted file uploads
Date : 2019-12-17 CVE ID : CVE-2019-19745 Description A back end user with access to the form generator can upload arbitrary files and execute them on the server. Affected versions Contao 4.0 Contao 4.1 Contao 4.2 Contao 4.3 Contao 4.4 up to 4.4.45 Contao 4.5 Contao 4.6 Contao 4.7 Contao 4.8 up t...