Vulnerabilities > Contao

DATE CVE VULNERABILITY TITLE RISK
2019-04-25 CVE-2017-16558 SQL Injection vulnerability in Contao CMS
Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the back end as well as in the listing module.
network
low complexity
contao CWE-89
critical
9.8
2019-04-17 CVE-2019-10643 Improper Authentication vulnerability in Contao CMS 4.7.0
Contao 4.7 allows Use of a Key Past its Expiration Date.
network
low complexity
contao CWE-287
critical
9.8
2019-04-17 CVE-2019-10642 Cross-Site Request Forgery (CSRF) vulnerability in Contao CMS 4.7.0
Contao 4.7 allows CSRF.
network
low complexity
contao CWE-352
8.8
2019-04-17 CVE-2019-10641 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Contao CMS
Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Recovery Mechanism for a Forgotten Password.
network
low complexity
contao CWE-640
critical
9.8
2019-04-17 CVE-2018-20028 Unspecified vulnerability in Contao CMS
Contao 3.x before 3.5.37, 4.4.x before 4.4.31 and 4.6.x before 4.6.11 has Incorrect Access Control.
network
low complexity
contao
6.5
2017-07-21 CVE-2017-10993 Path Traversal vulnerability in Contao CMS
Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal.
network
low complexity
contao CWE-22
8.8
2017-05-26 CVE-2015-0269 Path Traversal vulnerability in Contao CMS
Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated "back end" users to view files outside their file mounts or the document root via unspecified vectors.
network
low complexity
contao CWE-22
4.3