CVE-2024-45612

5.3 MEDIUM

📋 TL;DR

This vulnerability lets untrusted users inject Contao insert tags into the canonical URL tag, where they are processed and rendered on the front-end pages. It affects Contao CMS installations running vulnerable versions; the injection occurs through manipulation of the canonical tag.

💻 Affected Systems

Products:
  • Contao CMS
Versions: Contao versions before 4.13.49, 5.3.15, and 5.4.3
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all Contao installations with canonical tags enabled in root page settings.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could inject malicious insert tags that execute arbitrary code, potentially leading to remote code execution, data theft, or website defacement.

🟠 Likely Case

Attackers inject malicious content into canonical tags that gets rendered on web pages, potentially enabling cross-site scripting (XSS), content manipulation, or SEO poisoning.

🟢 If Mitigated

With proper input validation and output encoding, the impact is limited to minor content manipulation without code execution.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user input in canonical tags, which are processed by the front-end rendering engine.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Contao 4.13.49, 5.3.15, or 5.4.3

Vendor Advisory: https://contao.org/en/security-advisories/insert-tag-injection-via-canonical-urls

Restart Required: No

Instructions:

1. Back up your Contao installation and database.
2. Update Contao to version 4.13.49, 5.3.15, or 5.4.3 using Composer or the Contao Manager.
3. Clear the cache after the update.

🔧 Temporary Workarounds

Disable canonical tags (applies to: all versions)

Disable canonical tags in the root page settings to prevent injection.

Steps: Navigate to Contao backend > Page structure > Root page > Settings > Disable 'Canonical link'

🧯 If You Can't Patch

  • Disable canonical tags in all root page settings immediately
  • Implement web application firewall rules to block insert tag patterns in canonical URLs

🔍 How to Verify

Check if Vulnerable:

Check the Contao version in the backend or by running composer show contao/contao

Check Version:

composer show contao/contao | grep version

Verify Fix Applied:

Verify that the installed version is at least 4.13.49 (4.13 branch), 5.3.15 (5.3 branch), or 5.4.3 (5.4 branch), or a later release.
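The version comparison above is easy to get wrong by hand because the fix landed on three separate release branches. The following script is an added example (not part of the advisory or of Contao itself): it extracts the installed version from the output of composer show contao/contao and checks it against the per-branch fixed versions listed on this page. The sample composer output is constructed, and the treatment of branches newer than 5.4 as containing the fix (and of branches older than those listed as not containing it) is an assumption.

```python
import re
from typing import Optional, Tuple

# Minimum patched version per release branch, taken from the advisory for CVE-2024-45612.
FIXED_VERSIONS = {
    (4, 13): (4, 13, 49),
    (5, 3): (5, 3, 15),
    (5, 4): (5, 4, 3),
}


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn '5.3.10' or 'v5.3.10' into a comparable (major, minor, patch) tuple."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_patched(version: str) -> bool:
    """Return True if the given Contao version contains the fix for CVE-2024-45612."""
    v = parse_version(version)
    branch = v[:2]
    if branch in FIXED_VERSIONS:
        # Same branch as a fixed release: compare patch levels.
        return v >= FIXED_VERSIONS[branch]
    if branch > (5, 4):
        # Assumption: branches released after 5.4 were cut after the fix.
        return True
    # Anything older (4.x before 4.13, or 5.0 to 5.2) predates the fix and
    # is assumed to be unfixed.
    return False


def version_from_composer_show(output: str) -> Optional[str]:
    """Pull the installed version out of 'composer show contao/contao' output.

    Composer prints a line such as 'versions : * 5.3.10' for an installed package.
    """
    m = re.search(r"^versions\s*:\s*\*?\s*(\S+)", output, re.MULTILINE)
    return m.group(1) if m else None


# Constructed sample resembling 'composer show contao/contao' output.
SAMPLE_COMPOSER_OUTPUT = """name     : contao/contao
descrip. : Contao Open Source CMS
versions : * 5.3.10
"""


def check_sample() -> bool:
    """Run the check against the constructed sample; returns the patched status."""
    installed = version_from_composer_show(SAMPLE_COMPOSER_OUTPUT)
    patched = is_patched(installed)
    print(f"installed {installed}: {'patched' if patched else 'VULNERABLE'}")
    return patched


if __name__ == "__main__":
    check_sample()
```

Feed the real output of composer show contao/contao into version_from_composer_show to check a live installation; the sample above reports 5.3.10 as vulnerable.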

📡 Detection & Monitoring

Log Indicators:

  • Unusual insert tag patterns in canonical URLs
  • Multiple failed canonical URL submissions

Network Indicators:

  • HTTP requests with malicious insert tags in canonical parameters

SIEM Query:

web_requests WHERE url CONTAINS 'canonical' AND (url CONTAINS '{{' OR url CONTAINS '}}')
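The SIEM query above matches only literal braces, while insert-tag delimiters arriving in a URL are commonly percent-encoded (and sometimes double-encoded) by the client. The following script is an added example, not part of this advisory or of Contao: it applies the same rule (a request URL that mentions "canonical" and contains "{{" or "}}") to web server access-log lines after URL-decoding them, so encoded variants are caught too. It assumes the combined log format and constructed sample lines; the hypothetical "canonical" query parameter in those lines exists only to exercise the detector.

```python
import re
from typing import Dict, List
from urllib.parse import unquote

# Request field of the combined log format: "GET /path?query HTTP/1.1".
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)

# Contao insert tags are delimited by double braces.
BRACE_RE = re.compile(r"\{\{|\}\}")


def decode_url(url: str) -> str:
    """URL-decode repeatedly (bounded) so double-encoded braces are unwrapped."""
    prev = None
    for _ in range(3):
        if url == prev:
            break
        prev, url = url, unquote(url)
    return url


def is_suspicious(url: str) -> bool:
    """The page's SIEM rule, applied to the decoded URL."""
    decoded = decode_url(url).lower()
    return "canonical" in decoded and BRACE_RE.search(decoded) is not None


def find_suspicious(log_text: str) -> List[Dict[str, str]]:
    """Return one record per access-log line that matches the rule."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip
        if is_suspicious(m["url"]):
            hits.append({
                "ip": m["ip"],
                "time": m["ts"],
                "url": decode_url(m["url"]),
                "status": m["status"],
            })
    return hits


# Constructed sample log lines (RFC 5737 documentation addresses).
SAMPLE_LOG = """\
203.0.113.5 - - [12/Sep/2024:10:00:01 +0000] "GET /en/news.html HTTP/1.1" 200 5123
203.0.113.5 - - [12/Sep/2024:10:00:02 +0000] "GET /en/news.html?canonical=https://example.org/en/news.html HTTP/1.1" 200 5123
198.51.100.7 - - [12/Sep/2024:10:00:03 +0000] "GET /en/news.html?canonical=%7B%7Bexample%7D%7D HTTP/1.1" 200 5130
198.51.100.7 - - [12/Sep/2024:10:00:04 +0000] "GET /en/news.html?canonical=%257B%257Bexample%257D%257D HTTP/1.1" 200 5130
192.0.2.9 - - [12/Sep/2024:10:00:05 +0000] "GET /search?q=%7B%7Btest%7D%7D HTTP/1.1" 200 900
"""


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(f"{hit['time']} {hit['ip']} {hit['status']} {hit['url']}")
```

Only the two lines from 198.51.100.7 are reported: the plain canonical URL has no braces, and the search request has braces but no canonical reference, so it falls outside the rule as written on this page. Pipe a real access log into find_suspicious, or point the same decode-then-match logic at your SIEM's URL field, to get the same result at scale.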

🔗 References
