Lookup for vulnerable packages by Package URL.

Purl pkg:composer/contao/core@2.7.0
Type composer
Namespace contao
Name core
Version 2.7.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-5639-8xt3-8ugc
vulnerability_id VCID-5639-8xt3-8ugc
summary
Improper Input Validation
Insufficient input validation allows for code injection and remote execution.
references
0
reference_url https://contao.org/en/news/new-security-hole-found-in-contao.html
reference_id
reference_type
scores
url https://contao.org/en/news/new-security-hole-found-in-contao.html
fixed_packages
0
url pkg:composer/contao/core@2.11.17
purl pkg:composer/contao/core@2.11.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6bch-mqbz-bqfs
1
vulnerability VCID-6um8-6hqz-uybm
2
vulnerability VCID-crsc-bhc9-y3f9
3
vulnerability VCID-epmj-qf23-xffd
4
vulnerability VCID-stup-et3v-5kgp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core@2.11.17
1
url pkg:composer/contao/core@3.2.9
purl pkg:composer/contao/core@3.2.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5kwa-7kx3-kfga
1
vulnerability VCID-6bch-mqbz-bqfs
2
vulnerability VCID-6um8-6hqz-uybm
3
vulnerability VCID-crsc-bhc9-y3f9
4
vulnerability VCID-ejwd-wgb2-47e2
5
vulnerability VCID-epmj-qf23-xffd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core@3.2.9
2
url pkg:composer/contao/core@3.2.11
purl pkg:composer/contao/core@3.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5kwa-7kx3-kfga
1
vulnerability VCID-6bch-mqbz-bqfs
2
vulnerability VCID-6um8-6hqz-uybm
3
vulnerability VCID-crsc-bhc9-y3f9
4
vulnerability VCID-ejwd-wgb2-47e2
5
vulnerability VCID-epmj-qf23-xffd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core@3.2.11
aliases GMS-2014-36
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5639-8xt3-8ugc
1
url VCID-6bch-mqbz-bqfs
vulnerability_id VCID-6bch-mqbz-bqfs
summary
XSS vulnerability in the newsletter extension
The vulnerability is in the "unsubscribe" module of the newsletter extension and can easily be exploited by anyone in the front end. If you are not using the newsletter extension or the "unsubscribe" module, your installation is not affected by the vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-5478
reference_id
reference_type
scores
0
value 0.00076
scoring_system epss
scoring_elements 0.22992
published_at 2026-06-05T12:55:00Z
1
value 0.00076
scoring_system epss
scoring_elements 0.2291
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-5478
1
reference_url https://contao.org/en/news/contao-3_5_32.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://contao.org/en/news/contao-3_5_32.html
2
reference_url https://github.com/contao/core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/core
3
reference_url https://github.com/contao/core/commit/3123d6527ae6c46087b0ad8061eb8651cb645b8d
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/core/commit/3123d6527ae6c46087b0ad8061eb8651cb645b8d
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2018-5478.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T18:43:11Z/
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2018-5478.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-5478
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-5478
6
reference_url https://security.snyk.io/vuln/SNYK-PHP-CONTAOCORE-70397
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T18:43:11Z/
url https://security.snyk.io/vuln/SNYK-PHP-CONTAOCORE-70397
fixed_packages
0
url pkg:composer/contao/core@3.5.32
purl pkg:composer/contao/core@3.5.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5kwa-7kx3-kfga
1
vulnerability VCID-6um8-6hqz-uybm
2
vulnerability VCID-epmj-qf23-xffd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core@3.5.32
aliases CVE-2018-5478, GHSA-mpg7-2rx9-h5qp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6bch-mqbz-bqfs
2
url VCID-6um8-6hqz-uybm
vulnerability_id VCID-6um8-6hqz-uybm
summary
SQL injection vulnerability
Both the search filter in the back end and the "listing" module in the front end are vulnerable to SQL injection. To exploit the vulnerability in the back end, a back end user has to be logged in, whereas the front end vulnerability can be exploited by anyone.
references
0
reference_url http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16558
reference_id
reference_type
scores
url http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16558
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-16558
reference_id
reference_type
scores
0
value 0.00288
scoring_system epss
scoring_elements 0.52535
published_at 2026-06-05T12:55:00Z
1
value 0.00288
scoring_system epss
scoring_elements 0.52475
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-16558
2
reference_url https://contao.org/de/changelog/versions/4.4.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://contao.org/de/changelog/versions/4.4.html
3
reference_url https://contao.org/en/news/contao-4_4_8.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://contao.org/en/news/contao-4_4_8.html
4
reference_url https://github.com/contao/contao/blob/4.4.57/CHANGELOG.md#448-2017-11-15
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao/blob/4.4.57/CHANGELOG.md#448-2017-11-15
5
reference_url https://github.com/contao/contao/commit/501cb3cd34d61089b94e7ed78da53977bc71fc3e
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao/commit/501cb3cd34d61089b94e7ed78da53977bc71fc3e
6
reference_url https://github.com/contao/contao/commit/6b4a2711edf166c85cfd7a53fed6aea56d4f0544
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao/commit/6b4a2711edf166c85cfd7a53fed6aea56d4f0544
7
reference_url https://github.com/contao/core-bundle/commit/92598f97b513e0b831dbfd68d471c44c79c425a4
reference_id
reference_type
scores
url https://github.com/contao/core-bundle/commit/92598f97b513e0b831dbfd68d471c44c79c425a4
8
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2017-16558.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2017-16558.yaml
9
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2017-16558.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2017-16558.yaml
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/listing-bundle/CVE-2017-16558.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/listing-bundle/CVE-2017-16558.yaml
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-16558
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-16558
12
reference_url https://github.com/advisories/GHSA-w38g-hj45-mjjp
reference_id GHSA-w38g-hj45-mjjp
reference_type
scores
url https://github.com/advisories/GHSA-w38g-hj45-mjjp
fixed_packages
aliases CVE-2017-16558, GHSA-w38g-hj45-mjjp
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6um8-6hqz-uybm
3
url VCID-7nh2-bb7m-3udz
vulnerability_id VCID-7nh2-bb7m-3udz
summary
contao/core PHP object injection vulnerability allows for arbitrary code execution
A PHP object injection vulnerability was identified in contao/core due to untrusted data being passed to the `deserialize()` function.
references
0
reference_url https://contao.org/en/news/major-security-hole-found-in-contao.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://contao.org/en/news/major-security-hole-found-in-contao.html
1
reference_url https://github.com/contao/core/commit/d67c46c1f1283134e3050244cfdda0ef26fa5cd4
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/contao/core/commit/d67c46c1f1283134e3050244cfdda0ef26fa5cd4
2
reference_url https://github.com/contao/core/commit/f939b5be8a0048ef779def3289e2072febef1b37
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/contao/core/commit/f939b5be8a0048ef779def3289e2072febef1b37
3
reference_url https://github.com/contao/core/issues/6695
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/contao/core/issues/6695
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/2014-02-13.yaml
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/2014-02-13.yaml
5
reference_url https://github.com/advisories/GHSA-wq43-8r5p-w3mc
reference_id GHSA-wq43-8r5p-w3mc
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wq43-8r5p-w3mc
fixed_packages
0
url pkg:composer/contao/core@2.11.14
purl pkg:composer/contao/core@2.11.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5639-8xt3-8ugc
1
vulnerability VCID-6bch-mqbz-bqfs
2
vulnerability VCID-6um8-6hqz-uybm
3
vulnerability VCID-crsc-bhc9-y3f9
4
vulnerability VCID-epmj-qf23-xffd
5
vulnerability VCID-m28p-n6vz-zuhw
6
vulnerability VCID-stup-et3v-5kgp
7
vulnerability VCID-u721-yafq-bkc7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core@2.11.14
1
url pkg:composer/contao/core@3.2.5
purl pkg:composer/contao/core@3.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5639-8xt3-8ugc
1
vulnerability VCID-5kwa-7kx3-kfga
2
vulnerability VCID-6bch-mqbz-bqfs
3
vulnerability VCID-6um8-6hqz-uybm
4
vulnerability VCID-crsc-bhc9-y3f9
5
vulnerability VCID-ejwd-wgb2-47e2
6
vulnerability VCID-epmj-qf23-xffd
7
vulnerability VCID-m28p-n6vz-zuhw
8
vulnerability VCID-u721-yafq-bkc7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core@3.2.5
aliases GHSA-wq43-8r5p-w3mc
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7nh2-bb7m-3udz
4
url VCID-crsc-bhc9-y3f9
vulnerability_id VCID-crsc-bhc9-y3f9
summary
PHP file inclusion vulnerability in the back end
A logged-in back end user can include arbitrary PHP files by manipulating a URL parameter. Since Contao does not allow PHP files to be uploaded in the file manager, the attack is limited to the existing PHP files on the server.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-10993
reference_id
reference_type
scores
0
value 0.00825
scoring_system epss
scoring_elements 0.74825
published_at 2026-06-04T12:55:00Z
1
value 0.00825
scoring_system epss
scoring_elements 0.74855
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-10993
1
reference_url https://contao.org/en/news/contao-3_5_28.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://contao.org/en/news/contao-3_5_28.html
2
reference_url https://contao.org/en/news/contao-4_4_1.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://contao.org/en/news/contao-4_4_1.html
3
reference_url https://github.com/contao/core-bundle/commit/2a85914f4ba858780ffbac38a468acb7028772c7
reference_id
reference_type
scores
url https://github.com/contao/core-bundle/commit/2a85914f4ba858780ffbac38a468acb7028772c7
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-10993
reference_id CVE-2017-10993
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-10993
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2017-10993.yaml
reference_id CVE-2017-10993.YAML
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2017-10993.yaml
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2017-10993.yaml
reference_id CVE-2017-10993.YAML
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2017-10993.yaml
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2017-10993.yaml
reference_id CVE-2017-10993.YAML
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2017-10993.yaml
8
reference_url https://github.com/advisories/GHSA-x5g4-crxq-qxjx
reference_id GHSA-x5g4-crxq-qxjx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x5g4-crxq-qxjx
fixed_packages
0
url pkg:composer/contao/core@3.5.28
purl pkg:composer/contao/core@3.5.28
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5kwa-7kx3-kfga
1
vulnerability VCID-6bch-mqbz-bqfs
2
vulnerability VCID-6um8-6hqz-uybm
3
vulnerability VCID-epmj-qf23-xffd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core@3.5.28
aliases CVE-2017-10993, GHSA-x5g4-crxq-qxjx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-crsc-bhc9-y3f9
5
url VCID-epmj-qf23-xffd
vulnerability_id VCID-epmj-qf23-xffd
summary
XSS in system log of back end
There's a Cross-Site Scripting (XSS) vulnerability in the system log of the back end. With a manipulated request, an attacker can implant a script which is executed when a logged-in back end user opens the system log. The attacker themselves does not have to be logged in.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-10125
reference_id
reference_type
scores
0
value 0.00328
scoring_system epss
scoring_elements 0.56045
published_at 2026-06-04T12:55:00Z
1
value 0.00328
scoring_system epss
scoring_elements 0.561
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-10125
1
reference_url https://contao.org/en/news/contao-3_5_35.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://contao.org/en/news/contao-3_5_35.html
2
reference_url https://contao.org/en/news/contao-4_4_18.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://contao.org/en/news/contao-4_4_18.html
3
reference_url https://contao.org/en/security-advisories/cross-site-scripting-in-the-system-log.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://contao.org/en/security-advisories/cross-site-scripting-in-the-system-log.html
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-10125
reference_id CVE-2018-10125
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-10125
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2018-10125.yaml
reference_id CVE-2018-10125.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2018-10125.yaml
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2018-10125.yaml
reference_id CVE-2018-10125.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2018-10125.yaml
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2018-10125.yaml
reference_id CVE-2018-10125.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2018-10125.yaml
8
reference_url https://github.com/advisories/GHSA-pj4j-287j-f742
reference_id GHSA-pj4j-287j-f742
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pj4j-287j-f742
fixed_packages
0
url pkg:composer/contao/core@3.5.35
purl pkg:composer/contao/core@3.5.35
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5kwa-7kx3-kfga
1
vulnerability VCID-6um8-6hqz-uybm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core@3.5.35
aliases CVE-2018-10125, GHSA-pj4j-287j-f742
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-epmj-qf23-xffd
6
url VCID-m28p-n6vz-zuhw
vulnerability_id VCID-m28p-n6vz-zuhw
summary
contao/core Insufficient input validation allows for code injection and remote execution
contao/core versions 2.x prior to 2.11.17 and 3.x prior to 3.2.9 are vulnerable to arbitrary code execution on the server due to insufficient input validation. In fact, attackers can remove or change pathconfig.php by entering a URL, meaning that the entire Contao installation will no longer be accessible or malicious code can be executed.
references
0
reference_url https://c-c-a.org/aktuelles/news/details/eine-neue-kritische-sicherheitsluecke-in-contao-entdeckt
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://c-c-a.org/aktuelles/news/details/eine-neue-kritische-sicherheitsluecke-in-contao-entdeckt
1
reference_url https://github.com/contao/core/commit/d45503568751a868193929ef349a49ae5e6686f0
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/contao/core/commit/d45503568751a868193929ef349a49ae5e6686f0
2
reference_url https://github.com/contao/core/commit/d4a14f167e0cbb2e77c7829299e5b36f55c1ebce
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/contao/core/commit/d4a14f167e0cbb2e77c7829299e5b36f55c1ebce
3
reference_url https://github.com/contao/core/issues/6855
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/contao/core/issues/6855
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/2014-04-07.yaml
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/2014-04-07.yaml
5
reference_url https://web.archive.org/web/20240214121817/https://contao.org/en/news/new-security-hole-found-in-contao
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20240214121817/https://contao.org/en/news/new-security-hole-found-in-contao
6
reference_url https://github.com/advisories/GHSA-wxxw-5gq6-j2g5
reference_id GHSA-wxxw-5gq6-j2g5
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wxxw-5gq6-j2g5
fixed_packages
0
url pkg:composer/contao/core@2.11.17
purl pkg:composer/contao/core@2.11.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6bch-mqbz-bqfs
1
vulnerability VCID-6um8-6hqz-uybm
2
vulnerability VCID-crsc-bhc9-y3f9
3
vulnerability VCID-epmj-qf23-xffd
4
vulnerability VCID-stup-et3v-5kgp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core@2.11.17
1
url pkg:composer/contao/core@3.2.9
purl pkg:composer/contao/core@3.2.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5kwa-7kx3-kfga
1
vulnerability VCID-6bch-mqbz-bqfs
2
vulnerability VCID-6um8-6hqz-uybm
3
vulnerability VCID-crsc-bhc9-y3f9
4
vulnerability VCID-ejwd-wgb2-47e2
5
vulnerability VCID-epmj-qf23-xffd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core@3.2.9
aliases GHSA-wxxw-5gq6-j2g5
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m28p-n6vz-zuhw
7
url VCID-stup-et3v-5kgp
vulnerability_id VCID-stup-et3v-5kgp
summary
Path Traversal
Directory traversal vulnerability in Contao allows remote authenticated `back end` users to view files outside their file mounts or the document root via unspecified vectors.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-0269
reference_id
reference_type
scores
0
value 0.0046
scoring_system epss
scoring_elements 0.64505
published_at 2026-06-05T12:55:00Z
1
value 0.0046
scoring_system epss
scoring_elements 0.64461
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-0269
1
reference_url https://contao.org/en/news/contao-3_2_19.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://contao.org/en/news/contao-3_2_19.html
2
reference_url https://contao.org/en/news/contao-3_4_4.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://contao.org/en/news/contao-3_4_4.html
3
reference_url https://contao.org/en/news/directory-traversal-vulnerability-cve-2015-0269.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://contao.org/en/news/directory-traversal-vulnerability-cve-2015-0269.html
4
reference_url https://github.com/contao/core
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/core
5
reference_url https://github.com/contao/core/commit/0229e839b4849e402256b972eb62f89f2c29674d
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/core/commit/0229e839b4849e402256b972eb62f89f2c29674d
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2015-0269.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2015-0269.yaml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-0269
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-0269
fixed_packages
0
url pkg:composer/contao/core@3.0.0
purl pkg:composer/contao/core@3.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5639-8xt3-8ugc
1
vulnerability VCID-5kwa-7kx3-kfga
2
vulnerability VCID-6bch-mqbz-bqfs
3
vulnerability VCID-6um8-6hqz-uybm
4
vulnerability VCID-7nh2-bb7m-3udz
5
vulnerability VCID-crsc-bhc9-y3f9
6
vulnerability VCID-ejwd-wgb2-47e2
7
vulnerability VCID-epmj-qf23-xffd
8
vulnerability VCID-m28p-n6vz-zuhw
9
vulnerability VCID-u721-yafq-bkc7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core@3.0.0
1
url pkg:composer/contao/core@3.2.19
purl pkg:composer/contao/core@3.2.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5kwa-7kx3-kfga
1
vulnerability VCID-6bch-mqbz-bqfs
2
vulnerability VCID-6um8-6hqz-uybm
3
vulnerability VCID-crsc-bhc9-y3f9
4
vulnerability VCID-ejwd-wgb2-47e2
5
vulnerability VCID-epmj-qf23-xffd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core@3.2.19
2
url pkg:composer/contao/core@3.4.4
purl pkg:composer/contao/core@3.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5kwa-7kx3-kfga
1
vulnerability VCID-6bch-mqbz-bqfs
2
vulnerability VCID-6um8-6hqz-uybm
3
vulnerability VCID-crsc-bhc9-y3f9
4
vulnerability VCID-ejwd-wgb2-47e2
5
vulnerability VCID-epmj-qf23-xffd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core@3.4.4
aliases CVE-2015-0269, GHSA-4r6g-xhx7-fm36
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-stup-et3v-5kgp
8
url VCID-u721-yafq-bkc7
vulnerability_id VCID-u721-yafq-bkc7
summary
Code Injection
PHP object injection vulnerability allows for arbitrary code execution.
references
0
reference_url https://contao.org/en/news/major-security-hole-found-in-contao.html
reference_id
reference_type
scores
url https://contao.org/en/news/major-security-hole-found-in-contao.html
fixed_packages
0
url pkg:composer/contao/core@2.11.16
purl pkg:composer/contao/core@2.11.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5639-8xt3-8ugc
1
vulnerability VCID-6bch-mqbz-bqfs
2
vulnerability VCID-6um8-6hqz-uybm
3
vulnerability VCID-crsc-bhc9-y3f9
4
vulnerability VCID-epmj-qf23-xffd
5
vulnerability VCID-m28p-n6vz-zuhw
6
vulnerability VCID-stup-et3v-5kgp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core@2.11.16
1
url pkg:composer/contao/core@3.2.7
purl pkg:composer/contao/core@3.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5639-8xt3-8ugc
1
vulnerability VCID-5kwa-7kx3-kfga
2
vulnerability VCID-6bch-mqbz-bqfs
3
vulnerability VCID-6um8-6hqz-uybm
4
vulnerability VCID-crsc-bhc9-y3f9
5
vulnerability VCID-ejwd-wgb2-47e2
6
vulnerability VCID-epmj-qf23-xffd
7
vulnerability VCID-m28p-n6vz-zuhw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core@3.2.7
aliases GMS-2014-35
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u721-yafq-bkc7
9
url VCID-zexf-zd22-nkfp
vulnerability_id VCID-zexf-zd22-nkfp
summary
Contao core SQL Injection Vulnerability
Contao core prior to 2.11.4 has a SQL injection vulnerability in `contao-2.11.3\system\modules\backend\Ajax.php`.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-4383
reference_id
reference_type
scores
0
value 0.00244
scoring_system epss
scoring_elements 0.47882
published_at 2026-06-04T12:55:00Z
1
value 0.00244
scoring_system epss
scoring_elements 0.47945
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-4383
1
reference_url https://github.com/contao/core
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/contao/core
2
reference_url https://github.com/contao/core/commit/2bf4fc380e19895127cbeaba62bff951a3b8e5cb
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/contao/core/commit/2bf4fc380e19895127cbeaba62bff951a3b8e5cb
3
reference_url https://github.com/contao/core/issues/4427
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/contao/core/issues/4427
4
reference_url http://www.openwall.com/lists/oss-security/2012/08/31/14
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2012/08/31/14
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-4383
reference_id CVE-2012-4383
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-4383
6
reference_url https://github.com/advisories/GHSA-9jq2-jvwc-p52f
reference_id GHSA-9jq2-jvwc-p52f
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9jq2-jvwc-p52f
fixed_packages
0
url pkg:composer/contao/core@2.11.4
purl pkg:composer/contao/core@2.11.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5639-8xt3-8ugc
1
vulnerability VCID-6bch-mqbz-bqfs
2
vulnerability VCID-6um8-6hqz-uybm
3
vulnerability VCID-7nh2-bb7m-3udz
4
vulnerability VCID-crsc-bhc9-y3f9
5
vulnerability VCID-epmj-qf23-xffd
6
vulnerability VCID-m28p-n6vz-zuhw
7
vulnerability VCID-stup-et3v-5kgp
8
vulnerability VCID-u721-yafq-bkc7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core@2.11.4
aliases CVE-2012-4383, GHSA-9jq2-jvwc-p52f
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zexf-zd22-nkfp
Fixing_vulnerabilities
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core@2.7.0