Vulnerabilities > Contao

DATE CVE VULNERABILITY TITLE RISK
2020-03-16 CVE-2018-10125 Cross-site Scripting vulnerability in Contao
Contao before 4.5.7 has XSS in the system log.
network
contao CWE-79
4.3
2020-01-29 CVE-2012-4383 SQL Injection vulnerability in Contao
contao prior to 2.11.4 has a sql injection vulnerability
network
low complexity
contao CWE-89
6.5
2020-01-08 CVE-2014-1860 Deserialization of Untrusted Data vulnerability in Contao CMS
Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities
network
low complexity
contao CWE-502
7.5
2019-12-17 CVE-2019-19745 Unrestricted Upload of File with Dangerous Type vulnerability in Contao
Contao 4.0 through 4.8.5 allows PHP local file inclusion.
network
low complexity
contao CWE-434
6.5
2019-12-17 CVE-2019-19714 Improper Encoding or Escaping of Output vulnerability in Contao 4.8.4/4.8.5
Contao 4.8.4 and 4.8.5 has Improper Encoding or Escaping of Output.
network
low complexity
contao CWE-116
5.0
2019-12-17 CVE-2019-19712 Incorrect Default Permissions vulnerability in Contao
Contao 4.0 through 4.8.5 has Insecure Permissions.
network
low complexity
contao CWE-276
5.0
2019-07-09 CVE-2019-11512 SQL Injection vulnerability in Contao
Contao 4.x allows SQL Injection.
network
low complexity
contao CWE-89
7.5
2019-04-25 CVE-2017-16558 SQL Injection vulnerability in Contao CMS
Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the back end as well as in the listing module.
network
low complexity
contao CWE-89
7.5
2019-04-17 CVE-2019-10643 Key Management Errors vulnerability in Contao CMS 4.7.0
Contao 4.7 allows Use of a Key Past its Expiration Date.
network
low complexity
contao CWE-320
7.5
2019-04-17 CVE-2019-10642 Cross-Site Request Forgery (CSRF) vulnerability in Contao CMS 4.7.0
Contao 4.7 allows CSRF.
network
contao CWE-352
6.8