Cross site scripting via canonical URL
Date: 2022-05-05
CVE ID: CVE-2022-24899
Description: Untrusted users can inject malicious code into the canonical tag, which is then executed on the web page front end.
Affected versions: Contao 4.13 up to 4.13.2
Suggested solution: Update to Contao 4.13.3.
Workaround: Disable canonical tags in the...

Insert tag injection in forms
Date: 2020-09-24
CVE ID: CVE-2020-25768
Description: It is possible to inject insert tags in front end forms which will be replaced when the page is rendered.
Affected versions: Contao 4.0, Contao 4.1, Contao 4.2, Contao 4.3, Contao 4.4 up to 4.4.51, Contao 4.5, Contao 4.6, Contao 4.7, Contao 4.8, Contao...

Bypassing the request token check
Date: 2019-04-09
CVE ID: CVE-2019-10642
Description: Security researcher Ali Razzaq has discovered that the request token check can be bypassed in Contao 4.7.
Affected versions: Contao 4.7 up to 4.7.2
Suggested solution: Update to Contao 4.7.3...

PHP file inclusion in the back end
Date: 2017-07-12
CVE ID: CVE-2017-10993
Description: A logged in back end user can include arbitrary PHP files by manipulating a URL parameter. Since Contao does not allow uploading PHP files in the file manager, the attack is limited to the existing PHP files on the server.
Affected versions...

SQL injection in the newsletter module
Date: 2018-01-18
CVE ID: CVE-2018-5478
Description: The vulnerability is in the "unsubscribe" module of the newsletter extension. It can easily be exploited by anyone without being logged in to the front end.
Affected versions: Contao 3. up to 3.5.31
Suggested solution: Update to Contao 3.5.32...

Insert tag injection in the login module
Date: 2019-12-17
CVE ID: CVE-2019-19714
Description: It is possible to inject insert tags into the login module which will be replaced when the page is rendered.
Affected versions: Contao 4.8.4 and 4.8.5
Suggested solution: Update to Contao 4.8.6...

Arbitrary code execution in TCPDF
Date: 2018-09-18
CVE ID: CVE-2018-17057
Description: CVE-2018-17057 identifies a security vulnerability in TCPDF, which also affects Contao. Through a manipulated image file, a logged in back end user can implant arbitrary code which is executed when an article is exported as PDF in the front en...

Cross site scripting in widgets with units
Date: 2023-07-25
CVE ID: CVE-2023-36806
Authenticated users can inject malicious code in widgets with units, which is then executed both in the element preview back end and on the website front end. Thanks to Christian Pöschl and Fabian Brenner from usd AG for reporting this vulnerability...

Cross site scripting via HTML attributes in the back end
Date: 2021-08-11
CVE ID: CVE-2021-35955
Description: It is possible for untrusted users to inject malicious code into HTML attributes in the back end, which will be executed both in the element preview back end and on the website front end. Installations are only affected if there are untrusted...

Session cookie disclosure in the crawler
Date: 2024-04-09
CVE ID: CVE-2024-28235
If the crawler is set to crawl protected pages, it sends the cookie header to external URLs.
Affected versions: Contao 4.0, Contao 4.1, Contao 4.2, Contao 4.3, Contao 4.4, Contao 4.5, Contao 4.6, Contao 4.7, Contao 4.8, Contao 4.9, Contao 4.10, Contao 4.11, Contao 4....

SQL injection in the file manager
Date: 2019-04-30
CVE ID: CVE-2019-11512
Description: David Wind, penetration tester with A1 Digital, has discovered that the SQL injection vulnerability originally published under CVE-2017-16558 can still be exploited in the file manager in Contao 4. The security vulnerability has the identifier...

Directory traversal in the back end
Date: 2015-02-12
CVE ID: CVE-2015-0269
Description: Arnaud Buchoux with Orange Consulting has discovered a directory traversal vulnerability, which allows logged in back end users to view files outside their file mounts or the document root. It is, however, not possible to edit these files or to...

Insert tag injection via the form generator
Date: 2024-04-09
CVE ID: CVE-2024-28191
It is possible to inject insert tags via the form generator if the submitted form data is output on the page in a specific way.
Affected versions: Contao 4.0, Contao 4.1, Contao 4.2, Contao 4.3, Contao 4.4, Contao 4.5, Contao 4.6, Contao 4.7, Contao 4.8, Contao 4.9...

Insufficient BBCode sanitization
Date: 2024-04-09
CVE ID: CVE-2024-28234
If BBCode is enabled for comments, users can inject CSS styles.
Affected versions: Contao 4.0, Contao 4.1, Contao 4.2, Contao 4.3, Contao 4.4, Contao 4.5, Contao 4.6, Contao 4.7, Contao 4.8, Contao 4.9, Contao 4.10, Contao 4.11, Contao 4.12, Contao 4.13 up to 4.13.39...

Cross site scripting in the file manager
Date: 2024-04-09
CVE ID: CVE-2024-28190
Users can insert malicious code into file names when uploading files, which is then executed in tooltips and popups in the back end.
Affected versions: Contao 4.0, Contao 4.1, Contao 4.2, Contao 4.3, Contao 4.4, Contao 4.5, Contao 4.6, Contao 4.7, Contao 4.8, Contao...

Remember-me tokens are not cleared after a password change
Date: 2024-04-09
CVE ID: CVE-2024-30262
When a front end member changes their password, the corresponding remember-me tokens are not removed.
Affected versions: Contao 4.0, Contao 4.1, Contao 4.2, Contao 4.3, Contao 4.4, Contao 4.5, Contao 4.6, Contao 4.7, Contao 4.8, Contao 4.9, Contao 4.10, Contao 4.11...

SQL injection in the back end search filter and the listing module
Date: 2017-11-15
CVE ID: CVE-2017-16558
Description: Both the search filter in the back end and the listing module in the front end are vulnerable to SQL injections. To exploit the vulnerability in the back end, a back end user has to be logged in, whereas in the front end the vulnerability can be...

Privilege escalation with the form generator
Date: 2021-08-11
CVE ID: CVE-2021-37627
Description: It is possible for untrusted users to gain administrator rights with the form generator. Installations are only affected if there are untrusted back end users with access to the form generator.
Affected versions: Contao 4.0, Contao 4.1, Contao 4....

Directory traversal in the FileSelector widget
Date: 2024-09-17
CVE ID: CVE-2024-45604
Description: Back end users can list files outside their file mounts or the document root in the FileSelector widget. However, it is not possible to edit these files or view their content.
Affected versions: Contao 4.0, Contao 4.1, Contao 4.2, Contao 4.3, Conta...

PHP file inclusion via insert tags
Date: 2021-08-11
CVE ID: CVE-2021-37626
Description: It is possible for untrusted users to load arbitrary PHP files via insert tags. Installations are only affected if there are untrusted back end users.
Affected versions: Contao 4.0, Contao 4.1, Contao 4.2, Contao 4.3, Contao 4.4 up to 4.4.55, Contao...

Directory traversal in the file manager
Date: 2023-04-25
CVE ID: CVE-2023-29200
Authenticated users in the back end can list files outside the document root in the file manager. However, it is not possible to read the contents of these files. Thanks to Daniel Barros for reporting the problem.
Affected versions: Contao 4.0, Contao 4.1...

Unrestricted file uploads
Date: 2019-12-17
CVE ID: CVE-2019-19745
Description: A back end user with access to the form generator can upload arbitrary files and execute them on the server.
Affected versions: Contao 4.0, Contao 4.1, Contao 4.2, Contao 4.3, Contao 4.4 up to 4.4.45, Contao 4.5, Contao 4.6, Contao 4.7, Contao 4.8 up t...

Session invalidation upon password changes
Date: 2019-04-09
CVE ID: CVE-2019-10641
Description: Security researcher Ali Razzaq has discovered that existing sessions are not correctly invalidated when a user changes their password in the back end or front end.
Affected versions: Contao 3. up to 3.5.38, Contao 4.0, Contao 4.1, Contao 4.2, Conta...

Invalidating opt-in tokens
Date: 2019-04-09
CVE ID: CVE-2019-10643
Description: Security researcher Ali Razzaq has discovered that confirming an opt-in token does not invalidate previous opt-in tokens in Contao 4.7.
Affected versions: Contao 4.7 up to 4.7.2
Suggested solution: Update to Contao 4.7.3...

Remote command execution through file uploads
Date: 2024-09-17
CVE ID: CVE-2024-45398
Back end users with access to the file manager can upload malicious files and execute them on the server.
Affected versions: Contao 4.0, Contao 4.1, Contao 4.2, Contao 4.3, Contao 4.4, Contao 4.5, Contao 4.6, Contao 4.7, Contao 4.8, Contao 4.9, Contao 4.10, Contao 4....

Information disclosure in the back end
Date: 2019-12-17
CVE ID: CVE-2019-19712
Description: Back end users can manipulate the details view URL to show pages and articles that have not been enabled for them.
Affected versions: Contao 4.0, Contao 4.1, Contao 4.2, Contao 4.3, Contao 4.4 up to 4.4.45, Contao 4.5, Contao 4.6, Contao 4.7, Contao 4....

Cross site scripting in the system log
Date: 2018-04-18
CVE ID: CVE-2018-10125
Description: With a manipulated request, an attacker can implant a script which is executed when a logged in back end user opens the system log. The attacker does not have to be logged in.
Affected versions: Contao 3. up to 3.5.33, Contao 4.0, Contao 4.1, Cont...

Insert tag injection via canonical URLs
Date: 2024-09-17
CVE ID: CVE-2024-45612
It is possible to inject insert tags in canonical URLs which will be replaced when the page is rendered.
Affected versions: Contao 4.13 up to 4.13.48, Contao 5.0, Contao 5.1, Contao 5.2, Contao 5.3 up to 5.3.14, Contao 5.4 up to 5.4.2
Suggested solution: Upgrade...

Viewing unauthorized records in the back end
Date: 2018-12-13
CVE ID: CVE-2018-20028
Description: The vulnerability allows logged in back end users to view records that have not been enabled for them. There are two ways to exploit the vulnerability: 1. If a back end user without page mounts uses the filter menu in the site structure, they...