📦 Contao
by Contao
🛡️ Security Overview
⚠️ Known Vulnerabilities
CVE-2022-26265 is a critical remote command execution vulnerability in Contao Managed Edition v1.5.0 that allows attackers to execute arbitrary commands on the server via the php_cli parameter. This a...
This vulnerability allows authenticated back-end users with file manager access in Contao CMS to upload malicious files and execute arbitrary code on the server. It affects Contao versions before 4.13...
Contao CMS versions 4.9.0 through 4.13.39 and 5.0.0 through 5.3.3 inadvertently send session cookies to external URLs when checking for broken links on protected pages. This allows attackers to potent...
This vulnerability allows untrusted back-end users in Contao CMS to execute arbitrary PHP code via insert tags. It affects installations where back-end users with content editing permissions can modif...
This vulnerability allows authenticated back-end users in Contao CMS to execute arbitrary PHP functions through template closures, potentially leading to remote code execution. It affects Contao versi...
This vulnerability in Contao CMS allows protected content elements to be indexed and publicly accessible through the front-end search functionality. Attackers can view content that should be restricte...
This vulnerability allows authenticated back-end users in Contao CMS to access modules they shouldn't have permission to view. It affects Contao installations from version 5.0.0 up to (but not includi...
This vulnerability allows attackers to upload malicious SVG files containing cross-site scripting (XSS) code to Contao CMS. When these files are processed in the back end or displayed in the front end...
This vulnerability allows untrusted users to inject Contao insert tags into canonical URL tags, which are then processed and rendered on the front-end web pages. It affects Contao CMS users running vu...