Vulnerabilities > Contao > Contao CMS > 4.4.7

DATE CVE VULNERABILITY TITLE RISK
2019-04-25 CVE-2017-16558 SQL Injection vulnerability in Contao CMS
Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the back end as well as in the listing module.
network
low complexity
contao CWE-89
critical
9.8
2019-04-17 CVE-2019-10641 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Contao CMS
Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Recovery Mechanism for a Forgotten Password.
network
low complexity
contao CWE-640
critical
9.8
2019-04-17 CVE-2018-20028 Unspecified vulnerability in Contao CMS
Contao 3.x before 3.5.37, 4.4.x before 4.4.31 and 4.6.x before 4.6.11 has Incorrect Access Control.
network
low complexity
contao
6.5