Vulmon
contao vulnerabilities and exploits
668
VMScore
CVE-2014-1860
Contao CMS up to and including 3.2.4 has PHP Object Injection Vulnerabilities
Contao Contao Cms
668
VMScore
CVE-2022-26265
Contao Managed Edition v1.5.0 contains a remote command execution (RCE) vulnerability via the component php_cli parameter.
Contao Contao 1.5.0
2 Github repositories
445
VMScore
CVE-2019-10641
Contao prior to 3.5.39 and 4.x prior to 4.7.3 has a Weak Password Recovery Mechanism for a Forgotten Password.
Contao Contao Cms
668
VMScore
CVE-2017-16558
Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the back end as well as in the listing module.
Contao Contao Cms
605
VMScore
CVE-2019-10642
Contao 4.7 allows CSRF.
Contao Contao Cms 4.7.0
668
VMScore
CVE-2019-10643
Contao 4.7 allows Use of a Key Past its Expiration Date.
Contao Contao Cms 4.7.0
383
VMScore
CVE-2011-0508
Cross-site scripting (XSS) vulnerability in system/modules/comments/Comments.php in Contao CMS 2.9.2, and possibly other versions prior to 2.9.3, allows remote malicious users to inject arbitrary web script or HTML via the HTTP X_FORWARDED_FOR header, which is stored by system/li...
Contao Contao Cms 2.9.2
NA
CVE-2022-1588
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent accidental usage
NA
CVE-2024-28235
Contao is an open source content management system. Starting in version 4.9.0 and prior to versions 4.13.40 and 5.3.4, when checking for broken links on protected pages, Contao sends the cookie header to external URLs as well; the passed options for the HTTP client are used for a...
NA
CVE-2024-28234
Contao is an open source content management system. Starting in version 2.0.0 and prior to versions 4.13.40 and 5.3.4, it is possible to inject CSS styles via BBCode in comments. Installations are only affected if BBCode is enabled. Contao versions 4.13.40 and 5.3.4 have a patch ...