Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
contao cms vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2022-24899
Contao is a powerful open source CMS that allows you to create professional websites and scalable web applications. In versions of Contao before 4.13.3 it is possible to inject code into the canonical tag. As a workaround users may disable canonical tags in the root page settings...
Contao Contao
578
VMScore
CVE-2021-37626
Contao is an open source CMS that allows you to create websites and scalable web applications. In affected versions it is possible to load PHP files by entering insert tags in the Contao back end. Installations are only affected if they have untrusted back end users who have the ...
Contao Contao 4.0.0
Contao Contao 4.1.0
Contao Contao 4.2.0
Contao Contao 4.3.0
Contao Contao
Contao Contao 4.5.0
Contao Contao 4.6.0
Contao Contao 4.7.0
Contao Contao 4.8.0
Contao Contao 4.10.0
578
VMScore
CVE-2021-37627
Contao is an open source CMS that allows creation of websites and scalable web applications. In affected versions it is possible to gain privileged rights in the Contao back end. Installations are only affected if they have untrusted back end users who have access to the form gen...
Contao Contao 4.0.0
Contao Contao 4.1.0
Contao Contao 4.2.0
Contao Contao 4.3.0
Contao Contao
Contao Contao 4.5.0
Contao Contao 4.6.0
Contao Contao 4.7.0
Contao Contao 4.8.0
Contao Contao 4.10.0
668
VMScore
CVE-2014-1860
Contao CMS up to and including 3.2.4 has PHP Object Injection Vulnerabilities
Contao Contao Cms
668
VMScore
CVE-2017-16558
Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the back end as well as in the listing module.
Contao Contao Cms
445
VMScore
CVE-2019-10641
Contao prior to 3.5.39 and 4.x prior to 4.7.3 has a Weak Password Recovery Mechanism for a Forgotten Password.
Contao Contao Cms
605
VMScore
CVE-2019-10642
Contao 4.7 allows CSRF.
Contao Contao Cms 4.7.0
668
VMScore
CVE-2019-10643
Contao 4.7 allows Use of a Key Past its Expiration Date.
Contao Contao Cms 4.7.0
356
VMScore
CVE-2018-20028
Contao 3.x prior to 3.5.37, 4.4.x prior to 4.4.31 and 4.6.x prior to 4.6.11 has Incorrect Access Control.
Contao Contao Cms
580
VMScore
CVE-2017-10993
Contao prior to 3.5.28 and 4.x prior to 4.4.1 allows remote malicious users to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal.
Contao Contao Cms 4.3.1
Contao Contao Cms 4.3.2
Contao Contao Cms 4.3.3
Contao Contao Cms 4.3.5
Contao Contao Cms 4.2.0
Contao Contao Cms 4.1.1
Contao Contao Cms
Contao Contao Cms 4.3.10
Contao Contao Cms 4.3.11
Contao Contao Cms 4.3.0
Contao Contao Cms 4.1.0
Contao Contao Cms 4.0.1
Contao Contao Cms 4.0.2
Contao Contao Cms 4.0.3
Contao Contao Cms 4.4.0
Contao Contao Cms 4.3.6
Contao Contao Cms 4.3.8
Contao Contao Cms 4.2.2
Contao Contao Cms 4.2.4
Contao Contao Cms 4.1.3
Contao Contao Cms 4.0.4
Contao Contao Cms 4.0.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »