6 matches found
EUVD-2025-26126
Malicious code in bioql PyPI...
Improper Access Control
contao/contao is vulnerable to Improper Access Control. The vulnerability is due to news feeds not filtering protected news archives, which allows an attacker to access and view restricted news items through the public RSS feed...
CVE-2025-57757
Contao is an Open Source CMS. In versions starting from 5.0.0 and prior to 5.3.38 and 5.6.1, if a news feed contains protected news archives, their news items are not filtered and become publicly available in the RSS feed. This issue has been patched in versions 5.3.38 and 5.6.1. A workaround...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper filtering protected news archives. An attacker can access sensitive information by retrieving protected news items that are unintentionally included in the public RSS feed. Workaround This...
Contao can disclose sensitive information in the news module
Impact If a news feed contains protected news archives, their news items are not filtered and become publicly available in the RSS feed. Patches Update to Contao 5.3.38 or 5.6.1. Workarounds Do not add protected news archives to the news feed page. For more information If you have any questions o...
Contao 安全漏洞
Contao is an open source Content Management System CMS developed in PHP by Contao Open Source. The system supports search engines, rights management, and CSS frameworks. A security vulnerability exists in Contao version 5.3.38 and versions prior to 5.6.1, which stems from an unfiltered protected...