Contao: >> Contao Cms >> 3.5.28 Security Vulnerabilities
Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the back end as well as in the listing module.
CVSS Score
9.8
EPSS Score
0.003
Published
2019-04-25
Contao 3.x before 3.5.37, 4.4.x before 4.4.31 and 4.6.x before 4.6.11 has Incorrect Access Control.
CVSS Score
6.5
EPSS Score
0.003
Published
2019-04-17
Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Recovery Mechanism for a Forgotten Password.
CVSS Score
9.8
EPSS Score
0.003
Published
2019-04-17