Lucene search

Contao

5 matches found

CVE
added 2021/08/11 11:15 p.m., 92 views

CVE-2021-37627

Contao is an open source CMS that allows creation of websites and scalable web applications. In affected versions it is possible to gain privileged rights in the Contao back end. Installations are only affected if they have untrusted back end users who have access to the form generator. All users a...

CVSS 8 | AI score 7.2 | EPSS 0.00485

CVE
added 2019/12/17 3:15 p.m., 54 views

CVE-2019-19745

Contao 4.0 through 4.8.5 allows PHP local file inclusion. A back end user with access to the form generator can upload arbitrary files and execute them on the server.

CVSS 8.8 | AI score 8.6 | EPSS 0.00476

CVE
added 2024/04/09 4:15 p.m., 41 views

CVE-2024-28235

Contao is an open source content management system. Starting in version 4.9.0 and prior to versions 4.13.40 and 5.3.4, when checking for broken links on protected pages, Contao sends the cookie header to external URLs as well; the passed options for the HTTP client are used for all requests. Contao...

CVSS 8.3 | AI score 8.2 | EPSS 0.00305

CVE
added 2020/01/29 3:15 p.m., 37 views

CVE-2012-4383

Contao prior to 2.11.4 has a SQL injection vulnerability.

CVSS 8.8 | AI score 8.7 | EPSS 0.00257

CVE
added 2024/09/17 8:15 p.m., 36 views

CVE-2024-45398

Contao is an Open Source CMS. In affected versions a back end user with access to the file manager can upload malicious files and execute them on the server. Users are advised to update to Contao 4.13.49, 5.3.15 or 5.4.3. Users unable to update are advised to configure their web server so it does n...

CVSS 8.8 | AI score 8.4 | EPSS 0.00261