Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/contao/core-bundle@4.8.0-RC2
purl pkg:composer/contao/core-bundle@4.8.0-RC2
Next non-vulnerable version 4.8.6
Latest non-vulnerable version 5.6.5
Risk
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-98fv-kpqs-mybc
Aliases:
CVE-2019-19745
GHSA-wjx8-cgrm-hh8p
Unrestricted Upload of File with Dangerous Type Contao allows PHP local file inclusion. A back end user with access to the form generator can upload arbitrary files and execute them on the server.
4.8.6
Affected by 0 other vulnerabilities.
5.5.4
Affected by 0 other vulnerabilities.
VCID-ah8s-8q49-8qbw
Aliases:
CVE-2019-19712
GHSA-4mvc-qc5w-v5qr
Incorrect Default Permissions Contao 4.0 through 4.8.5 has Insecure Permissions. Back end users can manipulate the details view URL to show pages and articles that have not been enabled for them.
4.8.6
Affected by 0 other vulnerabilities.
5.5.4
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-04T20:26:07.019363+00:00 GitLab Importer Affected by VCID-ah8s-8q49-8qbw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/contao/core-bundle/CVE-2019-19712.yml 38.6.0
2026-06-04T20:26:04.178361+00:00 GitLab Importer Affected by VCID-98fv-kpqs-mybc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/contao/core-bundle/CVE-2019-19745.yml 38.6.0