Search for packages
| purl | pkg:composer/contao/core-bundle@4.8.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-98fv-kpqs-mybc
Aliases: CVE-2019-19745 GHSA-wjx8-cgrm-hh8p |
Unrestricted Upload of File with Dangerous Type Contao allows PHP local file inclusion. A back end user with access to the form generator can upload arbitrary files and execute them on the server. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-ah8s-8q49-8qbw
Aliases: CVE-2019-19712 GHSA-4mvc-qc5w-v5qr |
Incorrect Default Permissions Contao 4.0 through 4.8.5 has Insecure Permissions. Back end users can manipulate the details view URL to show pages and articles that have not been enabled for them. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-cn83-bepu-qbam
Aliases: CVE-2019-19714 GHSA-jc43-qrrp-98f5 |
Contao 4.8.4 and 4.8.5 has Improper Encoding or Escaping of Output. It is possible to inject insert tags into the login module which will be replaced when the page is rendered. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-04T16:19:42.714466+00:00 | GitLab Importer | Affected by | VCID-cn83-bepu-qbam | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/contao/core-bundle/CVE-2019-19714.yml | 38.6.0 |
| 2026-06-04T16:19:42.580941+00:00 | GitLab Importer | Affected by | VCID-ah8s-8q49-8qbw | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/contao/core-bundle/CVE-2019-19712.yml | 38.6.0 |
| 2026-06-04T16:19:42.135674+00:00 | GitLab Importer | Affected by | VCID-98fv-kpqs-mybc | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/contao/core-bundle/CVE-2019-19745.yml | 38.6.0 |