Vulnerabilities > Contao > Contao CMS > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-01-08 CVE-2014-1860 Deserialization of Untrusted Data vulnerability in Contao CMS
Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities
network
low complexity
contao CWE-502
critical
 9.8
9.8
2019-04-25 CVE-2017-16558 SQL Injection vulnerability in Contao CMS
Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the back end as well as in the listing module.
network
low complexity
contao CWE-89
critical
 9.8
9.8
2019-04-17 CVE-2019-10641 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Contao CMS
Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Recovery Mechanism for a Forgotten Password.
network
low complexity
contao CWE-640
critical
 9.8
9.8
2019-04-17 CVE-2019-10643 Improper Authentication vulnerability in Contao CMS 4.7.0
Contao 4.7 allows Use of a Key Past its Expiration Date.
network
low complexity
contao CWE-287
critical
 9.8
9.8