Contao » Contao Cms : Security Vulnerabilities, CVEs, CVSS score >= 6
Contao 4.7 allows Use of a Key Past its Expiration Date.
Max CVSS: 9.8 | EPSS Score: 0.34% | Published: 2019-04-17 | Updated: 2021-07-21
Contao 4.7 allows CSRF.
Max CVSS: 8.8 | EPSS Score: 0.07% | Published: 2019-04-17 | Updated: 2019-04-18
Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Recovery Mechanism for a Forgotten Password.
Max CVSS: 9.8 | EPSS Score: 0.24% | Published: 2019-04-17 | Updated: 2019-04-19
Contao 3.x before 3.5.37, 4.4.x before 4.4.31 and 4.6.x before 4.6.11 has Incorrect Access Control.
Max CVSS: 6.5 | EPSS Score: 0.07% | Published: 2019-04-17 | Updated: 2020-08-24
Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the back end as well as in the listing module.
Max CVSS: 9.8 | EPSS Score: 0.15% | Published: 2019-04-25 | Updated: 2019-04-26
Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal.
Max CVSS: 8.8 | EPSS Score: 0.32% | Published: 2017-07-21 | Updated: 2019-10-03
Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities.
Max CVSS: 9.8 | EPSS Score: 0.57% | Published: 2020-01-08 | Updated: 2020-01-14
Multiple cross-site request forgery (CSRF) vulnerabilities in main.php in Contao (formerly TYPOlight) 2.11.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) delete users via a delete action in the user module, (2) delete news via a delete action in the news module, or (3) delete newsletters via a delete action in the newsletters module.
Max CVSS: 6.8 | EPSS Score: 1.52% | Published: 2012-03-19 | Updated: 2019-06-11
8 vulnerabilities found