Search for packages
| purl | pkg:composer/contao/core-bundle@4.4.26 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-3fux-z15d-13g1
Aliases: CVE-2019-11512 GHSA-vq59-x6mq-4wgw |
Contao allows SQL Injection. |
Affected by 6 other vulnerabilities. Affected by 6 other vulnerabilities. |
|
VCID-4rrm-u81m-7kdt
Aliases: CVE-2018-20028 GHSA-q99w-j4mj-7hj8 |
Direct Request (Forced Browsing) Contao has Incorrect Access Control. |
Affected by 8 other vulnerabilities. Affected by 8 other vulnerabilities. |
|
VCID-5kwa-7kx3-kfga
Aliases: CVE-2019-10641 GHSA-vcgg-hp4r-87gx |
Weak Password Recovery Mechanism for Forgotten Password Contao has a Weak Password Recovery Mechanism for a Forgotten Password. |
Affected by 7 other vulnerabilities. Affected by 7 other vulnerabilities. |
|
VCID-82d1-8yn8-sydv
Aliases: CVE-2021-35955 GHSA-hr3h-x6gq-rqcp |
Cross site scripting via HTML attributes in the back end It is possible for untrusted users to inject malicious code into HTML attributes in the back end, which will be executed both in the element preview (back end) and on the website (front end). Installations are only affected if there are untrusted back end users who have the rights to modify HTML fields (e.g. TinyMCE). |
Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-98fv-kpqs-mybc
Aliases: CVE-2019-19745 GHSA-wjx8-cgrm-hh8p |
Unrestricted Upload of File with Dangerous Type Contao allows PHP local file inclusion. A back end user with access to the form generator can upload arbitrary files and execute them on the server. |
Affected by 4 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 4 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-ah8s-8q49-8qbw
Aliases: CVE-2019-19712 GHSA-4mvc-qc5w-v5qr |
Incorrect Default Permissions Contao 4.0 through 4.8.5 has Insecure Permissions. Back end users can manipulate the details view URL to show pages and articles that have not been enabled for them. |
Affected by 4 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 4 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-rj3d-jeyz-vye5
Aliases: CVE-2021-37627 GHSA-hq5m-mqmx-fw6m |
Improper Privilege Management Contao is an open source CMS that allows creation of websites and scalable web applications.All users are advised to update to Contao As a workaround users may disable the form generator or disable the login for untrusted back end users. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-t2u3-tgg3-cbb9
Aliases: CVE-2021-37626 GHSA-r6mv-ppjc-4hgr |
Code Injection Contao is an open source CMS that allows you to create websites and scalable web applications.Update to Contao to resolve. If you cannot update then disable the login for untrusted back end users. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-u6sk-25yd-e7b2
Aliases: CVE-2020-25768 GHSA-f7wm-x4gw-6m23 |
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Contao before 4.4.52, 4.9.x before 4.9.6, and 4.10.x before 4.10.1 have Improper Input Validation. It is possible to inject insert tags in front end forms which will be replaced when the page is rendered. |
Affected by 3 other vulnerabilities. Affected by 4 other vulnerabilities. Affected by 4 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||