Vulnerabilities > Contao > Contao CMS > 3.2.21
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-25 | CVE-2017-16558 | SQL Injection vulnerability in Contao CMS Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the back end as well as in the listing module. | 9.8 |
| 2019-04-17 | CVE-2019-10641 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Contao CMS Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Recovery Mechanism for a Forgotten Password. | 9.8 |
| 2019-04-17 | CVE-2018-20028 | Unspecified vulnerability in Contao CMS Contao 3.x before 3.5.37, 4.4.x before 4.4.31 and 4.6.x before 4.6.11 has Incorrect Access Control. | 6.5 |
| 2017-07-21 | CVE-2017-10993 | Path Traversal vulnerability in Contao CMS Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal. | 8.8 |