Skip to main content

Contao Cms

6 CVEs product

Monthly

CVE-2019-10643 PHP CRITICAL PATCH Act Now

Contao 4.7 allows Use of a Key Past its Expiration Date. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Contao Cms
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2019-10642 PHP HIGH PATCH This Week

Contao 4.7 allows CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Contao Cms
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2019-10641 PHP CRITICAL PATCH Act Now

Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Recovery Mechanism for a Forgotten Password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Contao Cms
NVD
CVSS 3.0
9.8
EPSS
1.0%
CVE-2017-10993 PHP HIGH PATCH This Week

Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PHP Contao Cms
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2015-0269 PHP MEDIUM PATCH This Month

Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated "back end" users to view files outside their file mounts or the document root via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Contao Cms
NVD
CVSS 3.0
4.3
EPSS
0.5%
CVE-2012-1297 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in main.php in Contao (formerly TYPOlight) 2.11.0 and earlier allow remote attackers to hijack the authentication of administrators for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF PHP Contao Cms
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.3%
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Contao 4.7 allows Use of a Key Past its Expiration Date. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Contao Cms
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Contao 4.7 allows CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Contao Cms
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Recovery Mechanism for a Forgotten Password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Contao Cms
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PHP Contao Cms
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated "back end" users to view files outside their file mounts or the document root via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Contao Cms
NVD
EPSS 0% CVSS 6.8
MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in main.php in Contao (formerly TYPOlight) 2.11.0 and earlier allow remote attackers to hijack the authentication of administrators for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF PHP Contao Cms
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy