Show filters
35 Total Results
Displaying 21-30 of 35
Sort by:
Attacker Value
Unknown

CVE-2014-1860

Disclosure Date: January 08, 2020 (last updated February 21, 2025)
Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2019-19745

Disclosure Date: December 17, 2019 (last updated November 27, 2024)
Contao 4.0 through 4.8.5 allows PHP local file inclusion. A back end user with access to the form generator can upload arbitrary files and execute them on the server.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2019-19712

Disclosure Date: December 17, 2019 (last updated November 27, 2024)
Contao 4.0 through 4.8.5 has Insecure Permissions. Back end users can manipulate the details view URL to show pages and articles that have not been enabled for them.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2019-19714

Disclosure Date: August 08, 2019 (last updated November 27, 2024)
Contao 4.8.4 and 4.8.5 has Improper Encoding or Escaping of Output. It is possible to inject insert tags into the login module which will be replaced when the page is rendered.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2019-11512

Disclosure Date: July 09, 2019 (last updated November 27, 2024)
Contao 4.x allows SQL Injection. Fixed in Contao 4.4.39 and Contao 4.7.5.
0
0
Attacker Value
Unknown

CVE-2017-16558

Disclosure Date: April 25, 2019 (last updated November 27, 2024)
Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the back end as well as in the listing module.
0
0
Attacker Value
Unknown

CVE-2019-10641

Disclosure Date: April 17, 2019 (last updated November 27, 2024)
Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Recovery Mechanism for a Forgotten Password.
0
0
Attacker Value
Unknown

CVE-2019-10643

Disclosure Date: April 17, 2019 (last updated November 27, 2024)
Contao 4.7 allows Use of a Key Past its Expiration Date.
0
0
Attacker Value
Unknown

CVE-2019-10642

Disclosure Date: April 17, 2019 (last updated November 27, 2024)
Contao 4.7 allows CSRF.
0
0
Attacker Value
Unknown

CVE-2018-20028

Disclosure Date: April 17, 2019 (last updated November 27, 2024)
Contao 3.x before 3.5.37, 4.4.x before 4.4.31 and 4.6.x before 4.6.11 has Incorrect Access Control.
0
0
View More Topics  < Previous  Next >