CVE-2025-65960
Contao is an Open Source CMS. From version 4.0.0 to before 4.13.57, before 5.3.42, and before 5.6.5, back end users with precise control over the contents of template closures can execute arbitrary PHP functions that do not have required parameters. This issue has been patched in versions 4.13.57...
Insufficient Type Distinction
Overview: contao/core-bundle is an Open Source PHP Content Management System for people who want a professional website that is easy to maintain. Affected versions of this package are vulnerable to Insufficient Type Distinction in the Template::once method. Backend users with sufficient privileges...
EUVD-2025-199633
Contao is vulnerable to remote code execution in template closures...
GHSA-98VJ-MM79-V77R Contao is vulnerable to remote code execution in template closures
Impact: Backend users with precise control over the contents of template closures can execute arbitrary PHP functions that do not have required parameters. Patches: Update to Contao 4.13.57, 5.3.42 or 5.6.5. Workarounds: Manually patch the Contao\Template::once method. Resources...
CVE-2025-65960 Contao is vulnerable to remote code execution in template closures
Contao is an Open Source CMS. From version 4.0.0 to before 4.13.57, before 5.3.42, and before 5.6.5, back end users with precise control over the contents of template closures can execute arbitrary PHP functions that do not have required parameters. This issue has been patched in versions 4.13.57...
CVE-2025-65960
The CVE-2025-65960 vulnerability affects Contao CMS prior to versions 4.13.57, 5.3.42, and 5.6.5. It exploits insufficient input handling in the Template::once() method within template closures, allowing backend users with content-control privileges to execute arbitrary PHP functions that lack re...
PT-2025-48077
Name of the Vulnerable Software and Affected Versions: Contao versions 4.0.0 through 4.13.56; Contao versions 5.3.0 through 5.3.41; Contao versions 5.6.0 through 5.6.4. Description: Backend users with control over template closures can execute arbitrary PHP functions without required parameters. The...