Vulnerabilities > Contao
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-17 | CVE-2019-19745 | Unrestricted Upload of File with Dangerous Type vulnerability in Contao Contao 4.0 through 4.8.5 allows PHP local file inclusion. | 6.5 |
| 2019-12-17 | CVE-2019-19714 | Improper Encoding or Escaping of Output vulnerability in Contao 4.8.4/4.8.5 Contao 4.8.4 and 4.8.5 has Improper Encoding or Escaping of Output. | 5.0 |
| 2019-12-17 | CVE-2019-19712 | Incorrect Default Permissions vulnerability in Contao Contao 4.0 through 4.8.5 has Insecure Permissions. | 5.0 |
| 2019-07-09 | CVE-2019-11512 | SQL Injection vulnerability in Contao Contao 4.x allows SQL Injection. | 7.5 |
| 2019-04-25 | CVE-2017-16558 | SQL Injection vulnerability in Contao CMS Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the back end as well as in the listing module. | 7.5 |
| 2019-04-17 | CVE-2019-10643 | Key Management Errors vulnerability in Contao CMS 4.7.0 Contao 4.7 allows Use of a Key Past its Expiration Date. | 7.5 |
| 2019-04-17 | CVE-2019-10642 | Cross-Site Request Forgery (CSRF) vulnerability in Contao CMS 4.7.0 Contao 4.7 allows CSRF. | 6.8 |
| 2019-04-17 | CVE-2019-10641 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Contao CMS Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Recovery Mechanism for a Forgotten Password. | 5.0 |
| 2019-04-17 | CVE-2018-20028 | Unspecified vulnerability in Contao CMS Contao 3.x before 3.5.37, 4.4.x before 4.4.31 and 4.6.x before 4.6.11 has Incorrect Access Control. | 4.0 |
| 2017-07-21 | CVE-2017-10993 | Path Traversal vulnerability in Contao CMS Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal. | 6.5 |