Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
contao contao cms vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2022-24899
Contao is a powerful open source CMS that allows you to create professional websites and scalable web applications. In versions of Contao before 4.13.3 it is possible to inject code into the canonical tag. As a workaround users may disable canonical tags in the root page settings...
Contao Contao
6.5
CVSSv2
CVE-2021-37626
Contao is an open source CMS that allows you to create websites and scalable web applications. In affected versions it is possible to load PHP files by entering insert tags in the Contao back end. Installations are only affected if they have untrusted back end users who have the ...
Contao Contao 4.0.0
Contao Contao 4.1.0
Contao Contao 4.2.0
Contao Contao 4.3.0
Contao Contao
Contao Contao 4.5.0
Contao Contao 4.6.0
Contao Contao 4.7.0
Contao Contao 4.8.0
Contao Contao 4.10.0
6.5
CVSSv2
CVE-2021-37627
Contao is an open source CMS that allows creation of websites and scalable web applications. In affected versions it is possible to gain privileged rights in the Contao back end. Installations are only affected if they have untrusted back end users who have access to the form gen...
Contao Contao 4.0.0
Contao Contao 4.1.0
Contao Contao 4.2.0
Contao Contao 4.3.0
Contao Contao
Contao Contao 4.5.0
Contao Contao 4.6.0
Contao Contao 4.7.0
Contao Contao 4.8.0
Contao Contao 4.10.0
7.5
CVSSv2
CVE-2014-1860
Contao CMS up to and including 3.2.4 has PHP Object Injection Vulnerabilities
Contao Contao Cms
7.5
CVSSv2
CVE-2017-16558
Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the back end as well as in the listing module.
Contao Contao Cms
5
CVSSv2
CVE-2019-10641
Contao prior to 3.5.39 and 4.x prior to 4.7.3 has a Weak Password Recovery Mechanism for a Forgotten Password.
Contao Contao Cms
7.5
CVSSv2
CVE-2019-10643
Contao 4.7 allows Use of a Key Past its Expiration Date.
Contao Contao Cms 4.7.0
4
CVSSv2
CVE-2018-20028
Contao 3.x prior to 3.5.37, 4.4.x prior to 4.4.31 and 4.6.x prior to 4.6.11 has Incorrect Access Control.
Contao Contao Cms
6.8
CVSSv2
CVE-2019-10642
Contao 4.7 allows CSRF.
Contao Contao Cms 4.7.0
6.5
CVSSv2
CVE-2017-10993
Contao prior to 3.5.28 and 4.x prior to 4.4.1 allows remote malicious users to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal.
Contao Contao Cms 4.3.1
Contao Contao Cms 4.3.2
Contao Contao Cms 4.3.3
Contao Contao Cms 4.3.5
Contao Contao Cms 4.2.0
Contao Contao Cms 4.1.1
Contao Contao Cms
Contao Contao Cms 4.3.10
Contao Contao Cms 4.3.11
Contao Contao Cms 4.3.0
Contao Contao Cms 4.1.0
Contao Contao Cms 4.0.1
Contao Contao Cms 4.0.2
Contao Contao Cms 4.0.3
Contao Contao Cms 4.4.0
Contao Contao Cms 4.3.6
Contao Contao Cms 4.3.8
Contao Contao Cms 4.2.2
Contao Contao Cms 4.2.4
Contao Contao Cms 4.1.3
Contao Contao Cms 4.0.4
Contao Contao Cms 4.0.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »