Contao: >> Contao Cms >> 3.2.21 Security Vulnerabilities
Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the back end as well as in the listing module.
CVSS Score
9.8
EPSS Score
0.003
Published
2019-04-25
Contao 3.x before 3.5.37, 4.4.x before 4.4.31 and 4.6.x before 4.6.11 has Incorrect Access Control.
CVSS Score
6.5
EPSS Score
0.003
Published
2019-04-17
Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Recovery Mechanism for a Forgotten Password.
CVSS Score
9.8
EPSS Score
0.003
Published
2019-04-17
Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal.
CVSS Score
8.8
EPSS Score
0.008
Published
2017-07-21