Vulnerabilities > Contao
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-03-16 | CVE-2018-10125 | Cross-site Scripting vulnerability in Contao Contao before 4.5.7 has XSS in the system log. | 4.3 |
2020-01-29 | CVE-2012-4383 | SQL Injection vulnerability in Contao contao prior to 2.11.4 has a sql injection vulnerability | 6.5 |
2020-01-08 | CVE-2014-1860 | Deserialization of Untrusted Data vulnerability in Contao CMS Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities | 7.5 |
2019-12-17 | CVE-2019-19745 | Unrestricted Upload of File with Dangerous Type vulnerability in Contao Contao 4.0 through 4.8.5 allows PHP local file inclusion. | 6.5 |
2019-12-17 | CVE-2019-19714 | Improper Encoding or Escaping of Output vulnerability in Contao 4.8.4/4.8.5 Contao 4.8.4 and 4.8.5 has Improper Encoding or Escaping of Output. | 5.0 |
2019-12-17 | CVE-2019-19712 | Incorrect Default Permissions vulnerability in Contao Contao 4.0 through 4.8.5 has Insecure Permissions. | 5.0 |
2019-07-09 | CVE-2019-11512 | SQL Injection vulnerability in Contao Contao 4.x allows SQL Injection. | 7.5 |
2019-04-25 | CVE-2017-16558 | SQL Injection vulnerability in Contao CMS Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the back end as well as in the listing module. | 7.5 |
2019-04-17 | CVE-2019-10643 | Key Management Errors vulnerability in Contao CMS 4.7.0 Contao 4.7 allows Use of a Key Past its Expiration Date. | 7.5 |
2019-04-17 | CVE-2019-10642 | Cross-Site Request Forgery (CSRF) vulnerability in Contao CMS 4.7.0 Contao 4.7 allows CSRF. | 6.8 |