VulnerableCode Package Details - pkg:composer/contao/core-bundle@4.8.6

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-98fv-kpqs-mybc	Unrestricted Upload of File with Dangerous Type Contao allows PHP local file inclusion. A back end user with access to the form generator can upload arbitrary files and execute them on the server.	CVE-2019-19745 GHSA-wjx8-cgrm-hh8p
VCID-ah8s-8q49-8qbw	Incorrect Default Permissions Contao 4.0 through 4.8.5 has Insecure Permissions. Back end users can manipulate the details view URL to show pages and articles that have not been enabled for them.	CVE-2019-19712 GHSA-4mvc-qc5w-v5qr
VCID-cn83-bepu-qbam	Contao 4.8.4 and 4.8.5 has Improper Encoding or Escaping of Output. It is possible to inject insert tags into the login module which will be replaced when the page is rendered.	CVE-2019-19714 GHSA-jc43-qrrp-98f5

Vulnerability

Summary

Aliases

VCID-98fv-kpqs-mybc

Unrestricted Upload of File with Dangerous Type Contao allows PHP local file inclusion. A back end user with access to the form generator can upload arbitrary files and execute them on the server.

CVE-2019-19745
GHSA-wjx8-cgrm-hh8p

VCID-ah8s-8q49-8qbw

Incorrect Default Permissions Contao 4.0 through 4.8.5 has Insecure Permissions. Back end users can manipulate the details view URL to show pages and articles that have not been enabled for them.

CVE-2019-19712
GHSA-4mvc-qc5w-v5qr

VCID-cn83-bepu-qbam

Contao 4.8.4 and 4.8.5 has Improper Encoding or Escaping of Output. It is possible to inject insert tags into the login module which will be replaced when the page is rendered.

CVE-2019-19714
GHSA-jc43-qrrp-98f5

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-04T17:41:57.782276+00:00	GithubOSV Importer	Fixing	VCID-98fv-kpqs-mybc	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/12/GHSA-wjx8-cgrm-hh8p/GHSA-wjx8-cgrm-hh8p.json	38.6.0
2026-06-04T17:41:56.066450+00:00	GithubOSV Importer	Fixing	VCID-ah8s-8q49-8qbw	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/12/GHSA-4mvc-qc5w-v5qr/GHSA-4mvc-qc5w-v5qr.json	38.6.0
2026-06-04T17:41:54.410226+00:00	GithubOSV Importer	Fixing	VCID-cn83-bepu-qbam	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/12/GHSA-jc43-qrrp-98f5/GHSA-jc43-qrrp-98f5.json	38.6.0
2026-06-04T16:19:42.716077+00:00	GitLab Importer	Fixing	VCID-cn83-bepu-qbam	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/contao/core-bundle/CVE-2019-19714.yml	38.6.0
2026-06-04T16:19:42.588755+00:00	GitLab Importer	Fixing	VCID-ah8s-8q49-8qbw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/contao/core-bundle/CVE-2019-19712.yml	38.6.0
2026-06-04T16:19:42.145347+00:00	GitLab Importer	Fixing	VCID-98fv-kpqs-mybc	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/contao/core-bundle/CVE-2019-19745.yml	38.6.0