Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
contao vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-26265
Contao Managed Edition v1.5.0 exists to contain a remote command execution (RCE) vulnerability via the component php_cli parameter.
Contao Contao 1.5.0
2 Github repositories
4.8
CVSSv3
CVE-2021-35955
Contao >=4.0.0 allows backend XSS via HTML attributes to an HTML field. Fixed in 4.4.56, 4.9.18, 4.11.7.
Contao Contao
7.2
CVSSv3
CVE-2021-37626
Contao is an open source CMS that allows you to create websites and scalable web applications. In affected versions it is possible to load PHP files by entering insert tags in the Contao back end. Installations are only affected if they have untrusted back end users who have the ...
Contao Contao 4.0.0
Contao Contao 4.1.0
Contao Contao 4.2.0
Contao Contao 4.3.0
Contao Contao
Contao Contao 4.5.0
Contao Contao 4.6.0
Contao Contao 4.7.0
Contao Contao 4.8.0
Contao Contao 4.10.0
7.2
CVSSv3
CVE-2021-37627
Contao is an open source CMS that allows creation of websites and scalable web applications. In affected versions it is possible to gain privileged rights in the Contao back end. Installations are only affected if they have untrusted back end users who have access to the form gen...
Contao Contao 4.0.0
Contao Contao 4.1.0
Contao Contao 4.2.0
Contao Contao 4.3.0
Contao Contao
Contao Contao 4.5.0
Contao Contao 4.6.0
Contao Contao 4.7.0
Contao Contao 4.8.0
Contao Contao 4.10.0
6.1
CVSSv3
CVE-2021-35210
Contao 4.5.x up to and including 4.9.x prior to 4.9.16, and 4.10.x up to and including 4.11.x prior to 4.11.5, allows XSS. It is possible to inject code into the tl_log table that will be executed in the browser when the system log is called in the back end.
Contao Contao
5.3
CVSSv3
CVE-2020-25768
Contao prior to 4.4.52, 4.9.x prior to 4.9.6, and 4.10.x prior to 4.10.1 have Improper Input Validation. It is possible to inject insert tags in front end forms which will be replaced when the page is rendered.
Contao Contao
6.1
CVSSv3
CVE-2018-10125
Contao prior to 4.5.7 has XSS in the system log.
Contao Contao
Contao Contao 4.0.0
Contao Contao 4.1.0
Contao Contao 4.2.0
Contao Contao 4.3.0
8.8
CVSSv3
CVE-2012-4383
contao before 2.11.4 has a sql injection vulnerability
Contao Contao
9.8
CVSSv3
CVE-2014-1860
Contao CMS up to and including 3.2.4 has PHP Object Injection Vulnerabilities
Contao Contao Cms
5.3
CVSSv3
CVE-2019-19714
Contao 4.8.4 and 4.8.5 has Improper Encoding or Escaping of Output. It is possible to inject insert tags into the login module which will be replaced when the page is rendered.
Contao Contao 4.8.4
Contao Contao 4.8.5
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-35977
CVE-2023-49335
man-in-the-middle
CVE-2024-4947
CVE-2024-31714
memory leak
SQL
CVE-2024-35994
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »