Vulnerabilities > Contao > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | PRODUCT | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2024-09-17 | CVE-2024-45398 | Unrestricted Upload of File with Dangerous Type vulnerability in Contao | Contao is an Open Source CMS. | network | low complexity | contao | CWE-434 | 8.8 |
| 2024-04-09 | CVE-2024-30262 | Insufficient Session Expiration vulnerability in Contao | Contao is an open source content management system. | network | low complexity | contao | CWE-613 | 7.1 |
| 2021-08-11 | CVE-2021-37626 | Code Injection vulnerability in Contao | Contao is an open source CMS that allows you to create websites and scalable web applications. | network | low complexity | contao | CWE-94 | 7.2 |
| 2021-08-11 | CVE-2021-37627 | Improper Privilege Management vulnerability in Contao | Contao is an open source CMS that allows creation of websites and scalable web applications. | network | low complexity | contao | CWE-269 | 7.2 |
| 2020-01-29 | CVE-2012-4383 | SQL Injection vulnerability in Contao | Contao prior to 2.11.4 has a SQL injection vulnerability. | network | low complexity | contao | CWE-89 | 8.8 |
| 2019-12-17 | CVE-2019-19745 | Unrestricted Upload of File with Dangerous Type vulnerability in Contao | Contao 4.0 through 4.8.5 allows PHP local file inclusion. | network | low complexity | contao | CWE-434 | 8.8 |
| 2019-04-17 | CVE-2019-10642 | Cross-Site Request Forgery (CSRF) vulnerability in Contao CMS 4.7.0 | Contao 4.7 allows CSRF. | network | low complexity | contao | CWE-352 | 8.8 |
| 2017-07-21 | CVE-2017-10993 | Path Traversal vulnerability in Contao CMS | Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal. | network | low complexity | contao | CWE-22 | 8.8 |