Search for packages
| purl | pkg:composer/contao/core@3.5.39 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-6um8-6hqz-uybm
Aliases: CVE-2017-16558 GHSA-w38g-hj45-mjjp |
SQL injection vulnerability Both the search filter in the back end and the "listing" module in the front end are vulnerable to SQL injection. To exploit the vulnerability in the back end, a back end user has to be logged in, whereas the front end vulnerability can be exploited by anyone. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-5kwa-7kx3-kfga | Weak Password Recovery Mechanism for Forgotten Password Contao has a Weak Password Recovery Mechanism for a Forgotten Password. |
CVE-2019-10641
GHSA-vcgg-hp4r-87gx |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-04T20:21:12.196830+00:00 | GitLab Importer | Affected by | VCID-6um8-6hqz-uybm | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/contao/core/CVE-2017-16558.yml | 38.6.0 |
| 2026-06-04T17:54:25.010586+00:00 | GithubOSV Importer | Fixing | VCID-5kwa-7kx3-kfga | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-vcgg-hp4r-87gx/GHSA-vcgg-hp4r-87gx.json | 38.6.0 |
| 2026-06-02T04:39:07.763813+00:00 | GitLab Importer | Fixing | VCID-5kwa-7kx3-kfga | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/contao/core/CVE-2019-10641.yml | 38.6.0 |