33 vulnerabilities found for contao_cms by contao
FKIE_CVE-2014-1860
Vulnerability from fkie_nvd - Published: 2020-01-08 16:15 - Updated: 2024-11-21 02:05
Severity: CVSS 3.1 base score 9.8 (CRITICAL); CVSS 2.0 base score 7.5 (HIGH)
Summary
Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| contao | contao_cms | * (up to and including 3.2.4) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:contao:contao_cms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "648AE132-E201-437E-AA4B-D3F0AE27246C",
"versionEndIncluding": "3.2.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities"
},
{
"lang": "es",
"value": "Contao CMS versiones hasta la versi\u00f3n 3.2.4, tiene vulnerabilidades de inyecci\u00f3n de objetos PHP."
}
],
"id": "CVE-2014-1860",
"lastModified": "2024-11-21T02:05:10.223",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-08T16:15:10.267",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2014/02/03/14"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2014/02/07/7"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/65293"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/cve/CVE-2014-1860"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.exploit-database.net/?id=21609"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2014/02/03/14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2014/02/07/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/65293"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/cve/CVE-2014-1860"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.exploit-database.net/?id=21609"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-16558
Vulnerability from fkie_nvd - Published: 2019-04-25 17:29 - Updated: 2024-11-21 03:16
Severity: CVSS 3.0 base score 9.8 (CRITICAL); CVSS 2.0 base score 7.5 (HIGH)
Summary
Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the back end as well as in the listing module.
References
| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | https://contao.org/de/changelog/versions/4.4.html | Vendor Advisory |
| cve@mitre.org | https://contao.org/en/news/contao-4_4_8.html | Vendor Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://contao.org/de/changelog/versions/4.4.html | Vendor Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://contao.org/en/news/contao-4_4_8.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| contao | contao_cms | * (3.0.0 up to and including 3.5.30) |
| contao | contao_cms | * (4.0.0 up to and including 4.4.7) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:contao:contao_cms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "114710AA-2F2A-41A6-B22E-C466D43BB8CB",
"versionEndIncluding": "3.5.30",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82AD7A27-EF01-475A-A3DF-8FB35F8E4BB4",
"versionEndIncluding": "4.4.7",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the back end as well as in the listing module."
},
{
"lang": "es",
"value": "Contao versiones desde la 3.0.0 hasta la 3.5.30 y desde la 4.0.0 hasta la 4.4.7 presenta una vulnerabilidad de inyecci\u00f3n SQL en el back end as\u00ed como en el listado de m\u00f3dulos."
}
],
"id": "CVE-2017-16558",
"lastModified": "2024-11-21T03:16:35.240",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-25T17:29:00.220",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://contao.org/de/changelog/versions/4.4.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://contao.org/en/news/contao-4_4_8.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://contao.org/de/changelog/versions/4.4.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://contao.org/en/news/contao-4_4_8.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-20028
Vulnerability from fkie_nvd - Published: 2019-04-17 19:29 - Updated: 2024-11-21 04:00
Severity: CVSS 3.0 base score 6.5 (MEDIUM); CVSS 2.0 base score 4.0 (MEDIUM)
Summary
Contao 3.x before 3.5.37, 4.4.x before 4.4.31 and 4.6.x before 4.6.11 has Incorrect Access Control.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| contao | contao_cms | * (from 3.0.0, before 3.5.37) |
| contao | contao_cms | * (from 4.4.0, before 4.4.31) |
| contao | contao_cms | * (from 4.6.0, before 4.6.11) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:contao:contao_cms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "81BC24CA-5E7C-405A-9F01-BBF78160FDF7",
"versionEndExcluding": "3.5.37",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D8A0084-0451-483C-AC84-25A0CAB283A8",
"versionEndExcluding": "4.4.31",
"versionStartIncluding": "4.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48B5E80E-8DDF-4E35-B5FA-16C540B345E2",
"versionEndExcluding": "4.6.11",
"versionStartIncluding": "4.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Contao 3.x before 3.5.37, 4.4.x before 4.4.31 and 4.6.x before 4.6.11 has Incorrect Access Control."
},
{
"lang": "es",
"value": "Contao versi\u00f3n 3.x anterior a 3.5.37, versi\u00f3n 4.4.x anterior a 4.4.31 y versi\u00f3n 4.6.x anterior a 4.6.11 tiene un control de acceso incorrecto"
}
],
"id": "CVE-2018-20028",
"lastModified": "2024-11-21T04:00:47.307",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-17T19:29:00.393",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://contao.org/en/news.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://contao.org/en/news/security-vulnerability-cve-2018-20028.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://contao.org/en/news.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://contao.org/en/news/security-vulnerability-cve-2018-20028.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-10641
Vulnerability from fkie_nvd - Published: 2019-04-17 19:29 - Updated: 2024-11-21 04:19
Severity: CVSS 3.0 base score 9.8 (CRITICAL); CVSS 2.0 base score 5.0 (MEDIUM)
Summary
Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Recovery Mechanism for a Forgotten Password.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| contao | contao_cms | * (before 3.5.39) |
| contao | contao_cms | * (from 4.0.0, before 4.7.3) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:contao:contao_cms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A93862CC-B67C-4AA4-84CD-5D5EAFD586A7",
"versionEndExcluding": "3.5.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37DBE763-C27B-4B73-A6A0-25A11E53F741",
"versionEndExcluding": "4.7.3",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Recovery Mechanism for a Forgotten Password."
},
{
"lang": "es",
"value": "Contao versi\u00f3n anterior a 3.5.39 y versi\u00f3n 4.x anterior a versi\u00f3n 4.7.3 presenta un mecanismo de recuperaci\u00f3n de contrase\u00f1a d\u00e9bil para una contrase\u00f1a olvidada."
}
],
"id": "CVE-2019-10641",
"lastModified": "2024-11-21T04:19:39.147",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-17T19:29:00.500",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://contao.org/en/news.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://contao.org/en/news/security-vulnerability-cve-2019-10641.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://contao.org/en/news.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://contao.org/en/news/security-vulnerability-cve-2019-10641.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-640"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-10643
Vulnerability from fkie_nvd - Published: 2019-04-17 19:29 - Updated: 2024-11-21 04:19
Severity: CVSS 3.0 base score 9.8 (CRITICAL); CVSS 2.0 base score 7.5 (HIGH)
Summary
Contao 4.7 allows Use of a Key Past its Expiration Date.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| contao | contao_cms | 4.7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:contao:contao_cms:4.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7AE9CDB-137A-4113-965F-AC0408A9D03E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Contao 4.7 allows Use of a Key Past its Expiration Date."
},
{
"lang": "es",
"value": "Contao versi\u00f3n 4.7 permite el uso de una clave pasada su fecha de expiraci\u00f3n."
}
],
"id": "CVE-2019-10643",
"lastModified": "2024-11-21T04:19:39.477",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-17T19:29:00.597",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://contao.org/en/news.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://contao.org/en/news/security-vulnerability-cve-2019-10643.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://contao.org/en/news.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://contao.org/en/news/security-vulnerability-cve-2019-10643.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-10642
Vulnerability from fkie_nvd - Published: 2019-04-17 19:29 - Updated: 2024-11-21 04:19
Severity: CVSS 3.0 base score 8.8 (HIGH); CVSS 2.0 base score 6.8 (MEDIUM)
Summary
Contao 4.7 allows CSRF.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| contao | contao_cms | 4.7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:contao:contao_cms:4.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7AE9CDB-137A-4113-965F-AC0408A9D03E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Contao 4.7 allows CSRF."
},
{
"lang": "es",
"value": "Contao versi\u00f3n 4.7 permite Cross Site Request Forgery (CSRF)."
}
],
"id": "CVE-2019-10642",
"lastModified": "2024-11-21T04:19:39.300",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-17T19:29:00.547",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://contao.org/en/news.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://contao.org/en/news/security-vulnerability-cve-2019-10642.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://contao.org/en/news.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://contao.org/en/news/security-vulnerability-cve-2019-10642.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-10993
Vulnerability from fkie_nvd - Published: 2017-07-21 06:29 - Updated: 2025-04-20 01:37
Severity: CVSS 3.0 base score 8.8 (HIGH); CVSS 2.0 base score 6.5 (MEDIUM)
Summary
Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal.
References
| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | https://contao.org/en/news/contao-3_5_28.html | Vendor Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://contao.org/en/news/contao-3_5_28.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| contao | contao_cms | * (up to and including 3.5.27) |
| contao | contao_cms | 4.0.0 |
| contao | contao_cms | 4.0.0 beta1 |
| contao | contao_cms | 4.0.0 rc1 |
| contao | contao_cms | 4.0.1 |
| contao | contao_cms | 4.0.2 |
| contao | contao_cms | 4.0.3 |
| contao | contao_cms | 4.0.4 |
| contao | contao_cms | 4.1.0 |
| contao | contao_cms | 4.1.0 beta1 |
| contao | contao_cms | 4.1.0 rc1 |
| contao | contao_cms | 4.1.1 |
| contao | contao_cms | 4.1.2 |
| contao | contao_cms | 4.1.3 |
| contao | contao_cms | 4.2.0 |
| contao | contao_cms | 4.2.0 beta1 |
| contao | contao_cms | 4.2.0 rc1 |
| contao | contao_cms | 4.2.1 |
| contao | contao_cms | 4.2.2 |
| contao | contao_cms | 4.2.3 |
| contao | contao_cms | 4.2.4 |
| contao | contao_cms | 4.2.5 |
| contao | contao_cms | 4.3.0 |
| contao | contao_cms | 4.3.0 rc1 |
| contao | contao_cms | 4.3.1 |
| contao | contao_cms | 4.3.2 |
| contao | contao_cms | 4.3.3 |
| contao | contao_cms | 4.3.5 |
| contao | contao_cms | 4.3.6 |
| contao | contao_cms | 4.3.7 |
| contao | contao_cms | 4.3.8 |
| contao | contao_cms | 4.3.9 |
| contao | contao_cms | 4.3.10 |
| contao | contao_cms | 4.3.11 |
| contao | contao_cms | 4.4.0 |
| contao | contao_cms | 4.4.0 beta1 |
| contao | contao_cms | 4.4.0 rc1 |
| contao | contao_cms | 4.4.0 rc2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:contao:contao_cms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "345EFF44-3226-4823-92C5-3E94043A0384",
"versionEndIncluding": "3.5.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A36BE117-EB7C-416B-A0C8-FAD70E65C7F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:4.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "63498341-5F80-4552-A533-3DA0C398FEA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:4.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D08FA6D9-CFF9-496A-A4E3-35CFBB832802",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D45C3808-BEDF-403A-A972-630067B29525",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "590812CA-69C8-433B-B95E-F9419655E950",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FFE4F7CE-9A04-4A84-9C45-28DC84A386BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3C978D3A-B6B3-4BD7-9C49-F5D9C076B498",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "50F00A7E-AE29-40CA-AE6B-D5FEBE483CB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:4.1.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "F57CC647-3B81-475D-A4A3-499D223941F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:4.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D0473068-D670-41FE-AFCD-0B14E9EC8705",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BD176B3F-51E2-4BC0-9C34-116C2532F2D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5AB7FC43-D899-4AF2-B48B-CA689D8E0E60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3856C8EA-96A6-4164-BA6B-C7B2827416C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7B0B82-B936-4283-BB12-16E4CD1024A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:4.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "F67D76B5-92C0-4403-9F7C-DB91C0A8E52B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:4.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "103492BC-2152-41D6-9A3D-EE95AE5AE8A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "89E9C0D4-3DC2-4AB6-BE48-FBAB387FF24A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "228151A7-BBC0-413C-9220-05D3F45D148F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "49A00DDA-346C-476F-832B-D0DA9B8CB926",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "563EA1E3-ECB2-454B-BC0D-5E7AFE2A1566",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:4.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A33B5AE6-7AD8-4F7A-8E72-21962C601E82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5239F9C4-1601-477D-9CB4-C95586BB3F6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:4.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "45C8E022-7F37-4BFA-9D28-C083ADE58CBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "479DEA11-6158-476F-AEC6-2BED5AC3FC5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "75BE9E24-F0EA-4D5F-B172-92EBE3FC8F5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A4728FDD-09FD-4752-AC10-BEA4BFC3C16C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4BBD2BD2-341E-4332-8A78-8973895A8C40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DFA95607-828A-4FBB-818F-D22DBD4A19DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E145183E-26DD-435B-B060-8E3F17F0EA7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:4.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BCC3036F-A8BA-402F-9F94-E5A8CA880606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:4.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "47FE8357-7569-4F12-847B-F615BBB75486",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:4.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AA64EC0D-FACA-4683-84AA-8288BECD376D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:4.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "1CE3E158-9C34-490E-8858-F887A98AFB9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3759FE91-B5BF-4DAD-B972-FB23C5FE12C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:4.4.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "45C095B1-09F3-43EE-9738-8157ED74A5F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:4.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0D08445B-DCB8-416A-A0E1-62D9E1E68B0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:4.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "1A176687-80CF-4159-97CA-05B332F5E295",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal."
},
{
"lang": "es",
"value": "Contao anterior a versi\u00f3n 3.5.28 y versi\u00f3n 4.x anterior a 4.4.1, permite que los atacantes remotos incluyan y ejecuten archivos PHP locales arbitrarios por medio de un par\u00e1metro creado en una URL, tambi\u00e9n se conoce como Salto de Directorio."
}
],
"id": "CVE-2017-10993",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-21T06:29:00.200",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://contao.org/en/news/contao-3_5_28.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://contao.org/en/news/contao-3_5_28.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-0269
Vulnerability from fkie_nvd - Published: 2017-05-26 17:29 - Updated: 2025-04-20 01:37
Severity: CVSS 3.0 base score 4.3 (MEDIUM); CVSS 2.0 base score 4.0 (MEDIUM)
Summary
Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated "back end" users to view files outside their file mounts or the document root via unspecified vectors.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| contao | contao_cms | * (up to and including 3.2.18) |
| contao | contao_cms | 3.4.0 |
| contao | contao_cms | 3.4.0 beta1 |
| contao | contao_cms | 3.4.1 |
| contao | contao_cms | 3.4.2 |
| contao | contao_cms | 3.4.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:contao:contao_cms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F2A2A58-FA38-4930-86E3-07239AC98EE6",
"versionEndIncluding": "3.2.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:contao:contao_cms:3.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "560647AE-9AA0-4A9F-AF6C-81CA20C4B120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:3.4.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "E2D73046-F8FE-489F-850D-C01A2F20064C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "102364AF-FC62-40D0-8318-EA2530D68F9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "342AC8F9-0F65-4901-AD0B-BFDA4EB57122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:3.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A753375D-F536-49B5-9476-F1C6D86BDCCA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated \"back end\" users to view files outside their file mounts or the document root via unspecified vectors."
},
{
"lang": "es",
"value": "La vulnerabilidad de desplazamiento de directorios en Contao en versiones anteriores a la 3.2.19, versi\u00f3n 3.4.x y anteriores a la 3.4.4, permite a usuarios remotos autenticados \"back-end\" ver archivos fuera de su sistema de archivos o la ra\u00edz de directorios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2015-0269",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-26T17:29:00.180",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://contao.org/en/news/contao-3_2_19.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://contao.org/en/news/contao-3_4_4.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://contao.org/en/news/directory-traversal-vulnerability-cve-2015-0269.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://contao.org/en/news/contao-3_2_19.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://contao.org/en/news/contao-3_4_4.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://contao.org/en/news/directory-traversal-vulnerability-cve-2015-0269.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-1297
Vulnerability from fkie_nvd - Published: 2012-03-19 18:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in main.php in Contao (formerly TYPOlight) 2.11.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) delete users via a delete action in the user module, (2) delete news via a delete action in the news module, or (3) delete newsletters via a delete action in the newsletters module.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:contao:contao_cms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F688AE-1EB4-4013-A8EC-4612166D4770",
"versionEndIncluding": "2.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1E1F6555-C853-40A8-8935-7BD275DC610E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.0:beta-rc1:*:*:*:*:*:*",
"matchCriteriaId": "E210735D-9933-4F57-B9F8-32FC5673F115",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.0:beta-rc2:*:*:*:*:*:*",
"matchCriteriaId": "40849DFD-C3E2-4283-A543-85B3435E9478",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.0:beta-rc3:*:*:*:*:*:*",
"matchCriteriaId": "3513D755-3E0B-4997-A0FC-1A397C4BB393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9E39F68B-98F8-411A-A805-6ECB7BA1F124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E227A1DB-AD06-4379-8FB8-27563FB135DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B7710DFC-1A70-4C0C-BD78-673C6386FC0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D8025EA3-434E-4BAC-BBEE-C4BA62A5E090",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F302D73B-9529-4A39-8681-18707FCBEFA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5D0AFA4A-20AF-4BB5-AF4C-969293A5ED36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C906FF5E-9D05-4D3A-A4A2-86662354D5DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E109C9DE-BD05-4554-B2DA-5A3CAE9FC02C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "6334C150-BAED-4F30-BB49-3998EC7123DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CB1C6C6D-6007-485D-A65E-C93FD019C10A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2498A85B-D23E-4821-A23A-D91D2D4C942E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "C6CA97EE-C2F3-4D8C-B1FA-C62B238D0A30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "150C302F-BE3B-4C4F-BA82-DDCD06311C74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "963D5D8E-ED92-476F-A3B4-9F7C9834D487",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "DF7838C9-BB5E-4A12-AF93-9C59D2E165F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "2A53EE4A-E26E-47EC-8BDD-B1556142FA8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "532BEF96-0717-4086-9D97-B4306E816D05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "DBC5564D-6430-4DB7-B9F2-387F9859F23E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "BB7043C6-9744-4299-8EE1-917F6961E155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "A8BD438B-73AB-43A3-B1A8-764BD389A514",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "B7F1B75E-945D-4A8D-BD36-A6932F640C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F14AC319-F390-45CE-850E-C62B93855C94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D7418CE4-3A95-47AC-86AB-4798C576FBF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A0D3D968-2959-4CAA-807E-92E5E754E2D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0F01BAF8-5DDD-4D07-B44B-98E9DDA763A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0B5B777A-0808-4FCC-BC3A-4439F06133C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A02D03D7-6424-4196-9910-7CF55B5DDB78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E417DAC1-DAC8-4B9D-9A8B-9ECA97D02CB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F644DEDE-DC3A-4BCA-B47D-5ECE9D1D16F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2C4D0369-0FC5-42E0-A314-3D95EA3A1BEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C84259B3-FA0D-43AB-93F6-B56E39C16C11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "1E7259D5-B95A-4776-BCC6-0EA728BAD8A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "571B4326-534A-4F13-917A-E70B189B48C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A858A058-6C6F-4A55-8F75-7B5C4864FD76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "66DAB15B-7C53-4F60-AB74-B447ACC89C5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "41D6B294-FC56-4F67-BDDC-D2BD843E7A88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5F21EE-0EF8-426B-88B6-2B8DAA29D2C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3904DED0-9772-423D-B705-CC2DC622979E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E4ACD0CD-4E4B-4133-812A-69CF2221504E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7D828A2C-DA93-4CA9-AA4F-1B981FB42170",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.4.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "18FD90D0-0D81-4AA6-A0C6-FF5A0D612B3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E3F87637-DD29-4F9D-9069-10DF72F893F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "539D1C67-4486-4278-A10F-4E47A1B6214A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8FC54491-D847-49F4-8477-C7223FEFDED8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DBA47797-CC87-4540-9988-EFB25416CBE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8F0D3AD5-753F-4089-8F16-99A4E79717A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2D75366F-5976-4088-9973-ADA2B826EAA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CFABCCAE-0BE7-480E-B1EC-D5E8F991BE0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ADC7A261-780D-41D4-9F61-80E7474C0247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.5.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "8A170F03-D582-405C-8B22-2E3405989B99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.5.0:beta-rc2:*:*:*:*:*:*",
"matchCriteriaId": "F37147E6-795B-4C4B-AE9E-458D45272ED0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2D150167-00AC-416C-88C7-C901E80B096E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "22CA6235-6D32-4C84-BF29-D8432F8403D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3852AB7E-2CF7-42A5-80F9-D921FA311359",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FCCF09E-899D-4BDD-87F7-7D0866EDC06A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4A296368-5FFE-4037-A58E-FBC24783B7B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E497999A-ACE7-47BC-A0C7-8F6A2CE25EAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E841B29E-628A-4E77-AB59-32C222973252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C503BE53-AC21-4381-85B2-A9F73B0F68F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "93ABE05F-92E2-40FE-858A-D15B98B0677B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E276325C-5B69-4A4B-B6ED-CEDB8D93AB0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.6.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "C8F7C378-3908-4151-BE03-2A8180A8FBFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.6.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "73844A9B-C6A0-4B5C-9A17-883A0624E30C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BC882715-1899-4AA2-85B7-082BFD186AD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BC53C9EC-04D1-4C69-A6FC-C03E7CEB2A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "401C9B5D-2789-4F20-9F69-763EB9428C56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "35AE8028-3B12-49FB-BCB4-F6F4614A7582",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1BBDC8B4-88C6-4F90-8F98-B28C381598AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "10C0B8CB-B290-43C9-96ED-F3401F556339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3DB45B3B-C7FE-4B02-A7D4-F7DDAF988D89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E34758B1-BDAC-4277-A141-E54792414D15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "711FA883-8573-4D82-8ABB-6CF57A375CCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7EE97438-13F6-48A4-83FB-4B5A0953F5BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6F6C1E95-ACA1-467C-B83C-D181A5C2E7E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C10EFA4D-BC0A-47DA-BBF6-7CC7A71ABC62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CCBAA823-61A6-4A63-B348-5358152E02FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F8432155-FC1D-454B-AADE-91845E4D4170",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D0A4BA44-4C22-448B-BB57-3B150309E7AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4FEFFCF5-60B3-4299-842C-736B5A0A9E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0175BDCC-B3A5-48A7-AE77-AE9BBFCB292F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "965280FF-E31E-4027-81AF-984DBB2D20C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C3DD8B58-4D71-4E24-A3BB-15FF14AC1ABD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2B900603-6D38-4602-94B4-6DB37BF0FC16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C3FA521A-6593-4A5B-A582-3E9DA804C973",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "16C95AAB-A346-43BE-B2ED-6D52835EDA2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A7D0F246-7839-4DD7-A73F-64AD1CFCB643",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA67F43-1CC3-42B1-84CB-6FD458B6EC81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "018A50A3-E79C-4CDF-9AAD-60CB97A5141B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0ACCC146-D248-4199-9C60-B9499586C3A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.9.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "A762BEF8-C457-423C-A3A6-8ED49E503F8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CC962AF4-4FA6-421A-8F9B-B425E1E48E0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4D8973E6-02D9-4EDC-92FD-C8789851CE81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5948A9DB-8CD3-4AB6-BAD4-B1341F4E3C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D99A88B-01CD-4AED-9FF5-31DBE0513E29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EA9D573F-4426-4608-A1AB-DD169EC83CE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "47F48DCD-9AB8-4FD0-90B7-5CA8C54ED97A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.10.:beta:*:*:*:*:*:*",
"matchCriteriaId": "83FD5A80-5D26-4182-AB2A-F64AB057DECF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6D359463-9BC3-451C-8576-2FEFC3123CC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BEBDD36E-D29F-4D95-81C9-4F51D8F47364",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "456B642C-4F5E-49E8-91F3-ADE504EBA668",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "133A3AFA-8721-4712-9DF5-19A5C53B61EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "384DE25B-E28D-4C49-9244-5D0725B7A6B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "59DC8CCA-C561-4E10-AD19-F817E711C06E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in main.php in Contao (formerly TYPOlight) 2.11.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) delete users via a delete action in the user module, (2) delete news via a delete action in the news module, or (3) delete newsletters via a delete action in the newsletters module."
},
{
"lang": "es",
"value": "Varias vulnerabilidades de falsificaci\u00f3n de petici\u00f3nes en sitios cruzados(CSRF) en main.php en Contao (antes TYPOlight) v2.11.0 y anteriores permite a atacantes remotos secuestrar la autentificaci\u00f3n de los administradores para las peticiones que (1) eliminan los usuarios a trav\u00e9s de una acci\u00f3n de eliminaci\u00f3n en el m\u00f3dulo de usuario , (2) eliminan las noticias a trav\u00e9s de una acci\u00f3n de eliminaci\u00f3n en el m\u00f3dulo de noticias, o (3) eliminan boletines de noticias a trav\u00e9s de una acci\u00f3n de eliminaci\u00f3n en el m\u00f3dulo de boletines de noticias."
}
],
"id": "CVE-2012-1297",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-03-19T18:55:02.623",
"references": [
{
"source": "cve@mitre.org",
"url": "http://ivanobinetti.blogspot.com/2012/02/contaocms-fka-typolight-211-csrf-delete.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.org/files/110214/ContaoCMS-2.11.0-Cross-Site-Request-Forgery.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/48180"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/18527"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73479"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ivanobinetti.blogspot.com/2012/02/contaocms-fka-typolight-211-csrf-delete.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.org/files/110214/ContaoCMS-2.11.0-Cross-Site-Request-Forgery.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/48180"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/18527"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73479"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-4335
Vulnerability from fkie_nvd - Published: 2011-11-28 11:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Contao before 2.10.2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php in a (1) teachers.html or (2) teachers/ action.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:contao:contao_cms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6BB0D70C-6C40-4777-A3BB-ACB66F57058C",
"versionEndIncluding": "2.10.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1E1F6555-C853-40A8-8935-7BD275DC610E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.0:beta-rc1:*:*:*:*:*:*",
"matchCriteriaId": "E210735D-9933-4F57-B9F8-32FC5673F115",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.0:beta-rc2:*:*:*:*:*:*",
"matchCriteriaId": "40849DFD-C3E2-4283-A543-85B3435E9478",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.0:beta-rc3:*:*:*:*:*:*",
"matchCriteriaId": "3513D755-3E0B-4997-A0FC-1A397C4BB393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9E39F68B-98F8-411A-A805-6ECB7BA1F124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E227A1DB-AD06-4379-8FB8-27563FB135DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B7710DFC-1A70-4C0C-BD78-673C6386FC0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D8025EA3-434E-4BAC-BBEE-C4BA62A5E090",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F302D73B-9529-4A39-8681-18707FCBEFA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5D0AFA4A-20AF-4BB5-AF4C-969293A5ED36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C906FF5E-9D05-4D3A-A4A2-86662354D5DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E109C9DE-BD05-4554-B2DA-5A3CAE9FC02C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "6334C150-BAED-4F30-BB49-3998EC7123DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CB1C6C6D-6007-485D-A65E-C93FD019C10A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2498A85B-D23E-4821-A23A-D91D2D4C942E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "C6CA97EE-C2F3-4D8C-B1FA-C62B238D0A30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "150C302F-BE3B-4C4F-BA82-DDCD06311C74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "963D5D8E-ED92-476F-A3B4-9F7C9834D487",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "DF7838C9-BB5E-4A12-AF93-9C59D2E165F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "2A53EE4A-E26E-47EC-8BDD-B1556142FA8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "532BEF96-0717-4086-9D97-B4306E816D05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "DBC5564D-6430-4DB7-B9F2-387F9859F23E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "BB7043C6-9744-4299-8EE1-917F6961E155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "A8BD438B-73AB-43A3-B1A8-764BD389A514",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "B7F1B75E-945D-4A8D-BD36-A6932F640C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "A9369FB9-A8FE-4596-9ED8-570ECD00D844",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "502BC608-01B9-41F4-8CC6-E38BBBF58848",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F14AC319-F390-45CE-850E-C62B93855C94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D7418CE4-3A95-47AC-86AB-4798C576FBF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A0D3D968-2959-4CAA-807E-92E5E754E2D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0F01BAF8-5DDD-4D07-B44B-98E9DDA763A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0B5B777A-0808-4FCC-BC3A-4439F06133C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A02D03D7-6424-4196-9910-7CF55B5DDB78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E417DAC1-DAC8-4B9D-9A8B-9ECA97D02CB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F644DEDE-DC3A-4BCA-B47D-5ECE9D1D16F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2C4D0369-0FC5-42E0-A314-3D95EA3A1BEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C84259B3-FA0D-43AB-93F6-B56E39C16C11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "1E7259D5-B95A-4776-BCC6-0EA728BAD8A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "571B4326-534A-4F13-917A-E70B189B48C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A858A058-6C6F-4A55-8F75-7B5C4864FD76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "66DAB15B-7C53-4F60-AB74-B447ACC89C5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "41D6B294-FC56-4F67-BDDC-D2BD843E7A88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5F21EE-0EF8-426B-88B6-2B8DAA29D2C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3904DED0-9772-423D-B705-CC2DC622979E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E4ACD0CD-4E4B-4133-812A-69CF2221504E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7D828A2C-DA93-4CA9-AA4F-1B981FB42170",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.4.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "18FD90D0-0D81-4AA6-A0C6-FF5A0D612B3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E3F87637-DD29-4F9D-9069-10DF72F893F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "539D1C67-4486-4278-A10F-4E47A1B6214A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8FC54491-D847-49F4-8477-C7223FEFDED8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DBA47797-CC87-4540-9988-EFB25416CBE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8F0D3AD5-753F-4089-8F16-99A4E79717A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2D75366F-5976-4088-9973-ADA2B826EAA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CFABCCAE-0BE7-480E-B1EC-D5E8F991BE0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ADC7A261-780D-41D4-9F61-80E7474C0247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.5.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "8A170F03-D582-405C-8B22-2E3405989B99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.5.0:beta-rc2:*:*:*:*:*:*",
"matchCriteriaId": "F37147E6-795B-4C4B-AE9E-458D45272ED0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2D150167-00AC-416C-88C7-C901E80B096E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "22CA6235-6D32-4C84-BF29-D8432F8403D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3852AB7E-2CF7-42A5-80F9-D921FA311359",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FCCF09E-899D-4BDD-87F7-7D0866EDC06A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4A296368-5FFE-4037-A58E-FBC24783B7B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E497999A-ACE7-47BC-A0C7-8F6A2CE25EAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E841B29E-628A-4E77-AB59-32C222973252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C503BE53-AC21-4381-85B2-A9F73B0F68F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "93ABE05F-92E2-40FE-858A-D15B98B0677B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E276325C-5B69-4A4B-B6ED-CEDB8D93AB0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.6.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "C8F7C378-3908-4151-BE03-2A8180A8FBFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.6.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "73844A9B-C6A0-4B5C-9A17-883A0624E30C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BC882715-1899-4AA2-85B7-082BFD186AD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BC53C9EC-04D1-4C69-A6FC-C03E7CEB2A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "401C9B5D-2789-4F20-9F69-763EB9428C56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "35AE8028-3B12-49FB-BCB4-F6F4614A7582",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1BBDC8B4-88C6-4F90-8F98-B28C381598AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "10C0B8CB-B290-43C9-96ED-F3401F556339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3DB45B3B-C7FE-4B02-A7D4-F7DDAF988D89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E34758B1-BDAC-4277-A141-E54792414D15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "711FA883-8573-4D82-8ABB-6CF57A375CCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7EE97438-13F6-48A4-83FB-4B5A0953F5BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6F6C1E95-ACA1-467C-B83C-D181A5C2E7E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C10EFA4D-BC0A-47DA-BBF6-7CC7A71ABC62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CCBAA823-61A6-4A63-B348-5358152E02FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F8432155-FC1D-454B-AADE-91845E4D4170",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D0A4BA44-4C22-448B-BB57-3B150309E7AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4FEFFCF5-60B3-4299-842C-736B5A0A9E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0175BDCC-B3A5-48A7-AE77-AE9BBFCB292F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "965280FF-E31E-4027-81AF-984DBB2D20C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C3DD8B58-4D71-4E24-A3BB-15FF14AC1ABD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2B900603-6D38-4602-94B4-6DB37BF0FC16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C3FA521A-6593-4A5B-A582-3E9DA804C973",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "16C95AAB-A346-43BE-B2ED-6D52835EDA2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A7D0F246-7839-4DD7-A73F-64AD1CFCB643",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA67F43-1CC3-42B1-84CB-6FD458B6EC81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "018A50A3-E79C-4CDF-9AAD-60CB97A5141B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0ACCC146-D248-4199-9C60-B9499586C3A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.9.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "A762BEF8-C457-423C-A3A6-8ED49E503F8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CC962AF4-4FA6-421A-8F9B-B425E1E48E0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4D8973E6-02D9-4EDC-92FD-C8789851CE81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5948A9DB-8CD3-4AB6-BAD4-B1341F4E3C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D99A88B-01CD-4AED-9FF5-31DBE0513E29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EA9D573F-4426-4608-A1AB-DD169EC83CE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "47F48DCD-9AB8-4FD0-90B7-5CA8C54ED97A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6D359463-9BC3-451C-8576-2FEFC3123CC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.10.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "91581DD0-044A-41F4-B258-BFF8D3DC60E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BEBDD36E-D29F-4D95-81C9-4F51D8F47364",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Contao before 2.10.2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php in a (1) teachers.html or (2) teachers/ action."
},
{
"lang": "es",
"value": "Multiples vulnerabilidades de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en Contao antes de la versi\u00f3n v2.10.2 permiten a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de la variable par\u00e1metro PATH_INFO a index.php en una acci\u00f3n (1) teachers.html \u00f3 (2) teachers/ acci\u00f3n."
}
],
"id": "CVE-2011-4335",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-11-28T11:55:10.313",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://dev.contao.org/projects/typolight/repository/revisions/1041"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/11/21/30"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/11/22/1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.rul3z.de/advisories/SSCHADV2011-025.txt"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/520046/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://dev.contao.org/projects/typolight/repository/revisions/1041"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/11/21/30"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/11/22/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.rul3z.de/advisories/SSCHADV2011-025.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/520046/100/0/threaded"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2014-1860 (GCVE-0-2014-1860)
Vulnerability from cvelistv5 – Published: 2020-01-08 15:37 – Updated: 2024-08-06 09:58
Summary
Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:58:16.267Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/65293"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/02/03/14"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/02/07/7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/cve/CVE-2014-1860"
},
{
"name": "Exploit Database",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-database.net/?id=21609"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-08T15:37:35",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/65293"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2014/02/03/14"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2014/02/07/7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/cve/CVE-2014-1860"
},
{
"name": "Exploit Database",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-database.net/?id=21609"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1860",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securityfocus.com/bid/65293",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/65293"
},
{
"name": "http://www.openwall.com/lists/oss-security/2014/02/03/14",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2014/02/03/14"
},
{
"name": "http://www.openwall.com/lists/oss-security/2014/02/07/7",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2014/02/07/7"
},
{
"name": "https://packetstormsecurity.com/files/cve/CVE-2014-1860",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/cve/CVE-2014-1860"
},
{
"name": "Exploit Database",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-database.net/?id=21609"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-1860",
"datePublished": "2020-01-08T15:37:35",
"dateReserved": "2014-02-03T00:00:00",
"dateUpdated": "2024-08-06T09:58:16.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-16558 (GCVE-0-2017-16558)
Vulnerability from cvelistv5 – Published: 2019-04-25 16:36 – Updated: 2024-08-05 20:27
Summary
Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the back end as well as in the listing module.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:27:03.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://contao.org/de/changelog/versions/4.4.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://contao.org/en/news/contao-4_4_8.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the back end as well as in the listing module."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-25T16:36:49",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://contao.org/de/changelog/versions/4.4.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://contao.org/en/news/contao-4_4_8.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16558",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the back end as well as in the listing module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://contao.org/de/changelog/versions/4.4.html",
"refsource": "CONFIRM",
"url": "https://contao.org/de/changelog/versions/4.4.html"
},
{
"name": "https://contao.org/en/news/contao-4_4_8.html",
"refsource": "CONFIRM",
"url": "https://contao.org/en/news/contao-4_4_8.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-16558",
"datePublished": "2019-04-25T16:36:49",
"dateReserved": "2017-11-06T00:00:00",
"dateUpdated": "2024-08-05T20:27:03.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20028 (GCVE-0-2018-20028)
Vulnerability from cvelistv5 – Published: 2019-04-17 18:58 – Updated: 2024-08-05 11:51
Summary
Contao 3.x before 3.5.37, 4.4.x before 4.4.31 and 4.6.x before 4.6.11 has Incorrect Access Control.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:51:18.339Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://contao.org/en/news.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://contao.org/en/news/security-vulnerability-cve-2018-20028.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Contao 3.x before 3.5.37, 4.4.x before 4.4.31 and 4.6.x before 4.6.11 has Incorrect Access Control."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-17T18:58:45",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://contao.org/en/news.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://contao.org/en/news/security-vulnerability-cve-2018-20028.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20028",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Contao 3.x before 3.5.37, 4.4.x before 4.4.31 and 4.6.x before 4.6.11 has Incorrect Access Control."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://contao.org/en/news.html",
"refsource": "CONFIRM",
"url": "https://contao.org/en/news.html"
},
{
"name": "https://contao.org/en/news/security-vulnerability-cve-2018-20028.html",
"refsource": "CONFIRM",
"url": "https://contao.org/en/news/security-vulnerability-cve-2018-20028.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20028",
"datePublished": "2019-04-17T18:58:45",
"dateReserved": "2018-12-10T00:00:00",
"dateUpdated": "2024-08-05T11:51:18.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10642 (GCVE-0-2019-10642)
Vulnerability from cvelistv5 – Published: 2019-04-17 18:54 – Updated: 2024-08-04 22:31
Summary
Contao 4.7 allows CSRF.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:31:59.937Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://contao.org/en/news.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://contao.org/en/news/security-vulnerability-cve-2019-10642.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-04-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Contao 4.7 allows CSRF."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-17T18:54:30",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://contao.org/en/news.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://contao.org/en/news/security-vulnerability-cve-2019-10642.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-10642",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Contao 4.7 allows CSRF."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://contao.org/en/news.html",
"refsource": "CONFIRM",
"url": "https://contao.org/en/news.html"
},
{
"name": "https://contao.org/en/news/security-vulnerability-cve-2019-10642.html",
"refsource": "CONFIRM",
"url": "https://contao.org/en/news/security-vulnerability-cve-2019-10642.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-10642",
"datePublished": "2019-04-17T18:54:30",
"dateReserved": "2019-03-29T00:00:00",
"dateUpdated": "2024-08-04T22:31:59.937Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10643 (GCVE-0-2019-10643)
Vulnerability from cvelistv5 – Published: 2019-04-17 18:50 – Updated: 2024-08-04 22:32
Summary
Contao 4.7 allows Use of a Key Past its Expiration Date.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:32:01.293Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://contao.org/en/news.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://contao.org/en/news/security-vulnerability-cve-2019-10643.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-04-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Contao 4.7 allows Use of a Key Past its Expiration Date."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-17T18:50:52",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://contao.org/en/news.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://contao.org/en/news/security-vulnerability-cve-2019-10643.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-10643",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Contao 4.7 allows Use of a Key Past its Expiration Date."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://contao.org/en/news.html",
"refsource": "CONFIRM",
"url": "https://contao.org/en/news.html"
},
{
"name": "https://contao.org/en/news/security-vulnerability-cve-2019-10643.html",
"refsource": "CONFIRM",
"url": "https://contao.org/en/news/security-vulnerability-cve-2019-10643.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-10643",
"datePublished": "2019-04-17T18:50:52",
"dateReserved": "2019-03-29T00:00:00",
"dateUpdated": "2024-08-04T22:32:01.293Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10641 (GCVE-0-2019-10641)
Vulnerability from cvelistv5 – Published: 2019-04-17 18:46 – Updated: 2024-08-04 22:32
Summary
Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Recovery Mechanism for a Forgotten Password.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:32:00.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://contao.org/en/news.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://contao.org/en/news/security-vulnerability-cve-2019-10641.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-04-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Recovery Mechanism for a Forgotten Password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-17T18:46:38",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://contao.org/en/news.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://contao.org/en/news/security-vulnerability-cve-2019-10641.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-10641",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Recovery Mechanism for a Forgotten Password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://contao.org/en/news.html",
"refsource": "CONFIRM",
"url": "https://contao.org/en/news.html"
},
{
"name": "https://contao.org/en/news/security-vulnerability-cve-2019-10641.html",
"refsource": "CONFIRM",
"url": "https://contao.org/en/news/security-vulnerability-cve-2019-10641.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-10641",
"datePublished": "2019-04-17T18:46:39",
"dateReserved": "2019-03-29T00:00:00",
"dateUpdated": "2024-08-04T22:32:00.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10993 (GCVE-0-2017-10993)
Vulnerability from cvelistv5 – Published: 2017-07-21 06:00 – Updated: 2024-08-05 17:57
Summary
Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:57:57.413Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://contao.org/en/news/contao-3_5_28.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-21T05:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://contao.org/en/news/contao-3_5_28.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10993",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://contao.org/en/news/contao-3_5_28.html",
"refsource": "CONFIRM",
"url": "https://contao.org/en/news/contao-3_5_28.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10993",
"datePublished": "2017-07-21T06:00:00",
"dateReserved": "2017-07-07T00:00:00",
"dateUpdated": "2024-08-05T17:57:57.413Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0269 (GCVE-0-2015-0269)
Vulnerability from cvelistv5 – Published: 2017-05-26 17:00 – Updated: 2024-08-06 04:03
Summary
Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated "back end" users to view files outside their file mounts or the document root via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:03:10.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://contao.org/en/news/contao-3_2_19.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://contao.org/en/news/directory-traversal-vulnerability-cve-2015-0269.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://contao.org/en/news/contao-3_4_4.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated \"back end\" users to view files outside their file mounts or the document root via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-26T16:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://contao.org/en/news/contao-3_2_19.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://contao.org/en/news/directory-traversal-vulnerability-cve-2015-0269.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://contao.org/en/news/contao-3_4_4.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-0269",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated \"back end\" users to view files outside their file mounts or the document root via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://contao.org/en/news/contao-3_2_19.html",
"refsource": "CONFIRM",
"url": "https://contao.org/en/news/contao-3_2_19.html"
},
{
"name": "https://contao.org/en/news/directory-traversal-vulnerability-cve-2015-0269.html",
"refsource": "CONFIRM",
"url": "https://contao.org/en/news/directory-traversal-vulnerability-cve-2015-0269.html"
},
{
"name": "https://contao.org/en/news/contao-3_4_4.html",
"refsource": "CONFIRM",
"url": "https://contao.org/en/news/contao-3_4_4.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-0269",
"datePublished": "2017-05-26T17:00:00",
"dateReserved": "2014-11-18T00:00:00",
"dateUpdated": "2024-08-06T04:03:10.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1297 (GCVE-0-2012-1297)
Vulnerability from cvelistv5 – Published: 2012-03-19 18:00 – Updated: 2024-08-06 18:53
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in main.php in Contao (formerly TYPOlight) 2.11.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) delete users via a delete action in the user module, (2) delete news via a delete action in the news module, or (3) delete newsletters via a delete action in the newsletters module.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
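| URL | Tags |
|---|---|
| http://www.exploit-db.com/exploits/18527 | exploit, x_refsource_EXPLOIT-DB |
| http://ivanobinetti.blogspot.com/2012/02/contaocms-fka-typolight-211-csrf-delete.html | x_refsource_MISC |
| http://packetstormsecurity.org/files/110214/ContaoCMS-2.11.0-Cross-Site-Request-Forgery.html | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/73479 | vdb-entry, x_refsource_XF |
| http://secunia.com/advisories/48180 | third-party-advisory, x_refsource_SECUNIA |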
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:53:37.174Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18527",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18527"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ivanobinetti.blogspot.com/2012/02/contaocms-fka-typolight-211-csrf-delete.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/110214/ContaoCMS-2.11.0-Cross-Site-Request-Forgery.html"
},
{
"name": "contao-newsletter-csrf(73479)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73479"
},
{
"name": "48180",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48180"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in main.php in Contao (formerly TYPOlight) 2.11.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) delete users via a delete action in the user module, (2) delete news via a delete action in the news module, or (3) delete newsletters via a delete action in the newsletters module."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18527",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18527"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ivanobinetti.blogspot.com/2012/02/contaocms-fka-typolight-211-csrf-delete.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/110214/ContaoCMS-2.11.0-Cross-Site-Request-Forgery.html"
},
{
"name": "contao-newsletter-csrf(73479)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73479"
},
{
"name": "48180",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48180"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1297",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in main.php in Contao (formerly TYPOlight) 2.11.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) delete users via a delete action in the user module, (2) delete news via a delete action in the news module, or (3) delete newsletters via a delete action in the newsletters module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18527",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18527"
},
{
"name": "http://ivanobinetti.blogspot.com/2012/02/contaocms-fka-typolight-211-csrf-delete.html",
"refsource": "MISC",
"url": "http://ivanobinetti.blogspot.com/2012/02/contaocms-fka-typolight-211-csrf-delete.html"
},
{
"name": "http://packetstormsecurity.org/files/110214/ContaoCMS-2.11.0-Cross-Site-Request-Forgery.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/110214/ContaoCMS-2.11.0-Cross-Site-Request-Forgery.html"
},
{
"name": "contao-newsletter-csrf(73479)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73479"
},
{
"name": "48180",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48180"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1297",
"datePublished": "2012-03-19T18:00:00",
"dateReserved": "2012-02-27T00:00:00",
"dateUpdated": "2024-08-06T18:53:37.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4335 (GCVE-0-2011-4335)
Vulnerability from cvelistv5 – Published: 2011-11-28 11:00 – Updated: 2024-08-07 00:01
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Contao before 2.10.2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php in a (1) teachers.html or (2) teachers/ action.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
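| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/520046/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://openwall.com/lists/oss-security/2011/11/21/30 | mailing-list, x_refsource_MLIST |
| http://dev.contao.org/projects/typolight/repository/revisions/1041 | x_refsource_CONFIRM |
| http://openwall.com/lists/oss-security/2011/11/22/1 | mailing-list, x_refsource_MLIST |
| http://www.rul3z.de/advisories/SSCHADV2011-025.txt | x_refsource_MISC |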
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:01:51.590Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20111008 Contao 2.10.1 Cross-site scripting vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/520046/100/0/threaded"
},
{
"name": "[oss-security] 20111122 CVE-request: Contao 2.10.1 Cross-site scripting vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/11/21/30"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dev.contao.org/projects/typolight/repository/revisions/1041"
},
{
"name": "[oss-security] 20111121 Re: CVE-request: Contao 2.10.1 Cross-site scripting vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/11/22/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rul3z.de/advisories/SSCHADV2011-025.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-11-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Contao before 2.10.2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php in a (1) teachers.html or (2) teachers/ action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "20111008 Contao 2.10.1 Cross-site scripting vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/520046/100/0/threaded"
},
{
"name": "[oss-security] 20111122 CVE-request: Contao 2.10.1 Cross-site scripting vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/11/21/30"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dev.contao.org/projects/typolight/repository/revisions/1041"
},
{
"name": "[oss-security] 20111121 Re: CVE-request: Contao 2.10.1 Cross-site scripting vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/11/22/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rul3z.de/advisories/SSCHADV2011-025.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4335",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Contao before 2.10.2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php in a (1) teachers.html or (2) teachers/ action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20111008 Contao 2.10.1 Cross-site scripting vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/520046/100/0/threaded"
},
{
"name": "[oss-security] 20111122 CVE-request: Contao 2.10.1 Cross-site scripting vulnerability",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/11/21/30"
},
{
"name": "http://dev.contao.org/projects/typolight/repository/revisions/1041",
"refsource": "CONFIRM",
"url": "http://dev.contao.org/projects/typolight/repository/revisions/1041"
},
{
"name": "[oss-security] 20111121 Re: CVE-request: Contao 2.10.1 Cross-site scripting vulnerability",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/11/22/1"
},
{
"name": "http://www.rul3z.de/advisories/SSCHADV2011-025.txt",
"refsource": "MISC",
"url": "http://www.rul3z.de/advisories/SSCHADV2011-025.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4335",
"datePublished": "2011-11-28T11:00:00",
"dateReserved": "2011-11-04T00:00:00",
"dateUpdated": "2024-08-07T00:01:51.590Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-1860 (GCVE-0-2014-1860)
Vulnerability from nvd – Published: 2020-01-08 15:37 – Updated: 2024-08-06 09:58
Summary
Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities
Severity ?
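No CVSS data available in this CVE record; the fkie_nvd entry for CVE-2014-1860 earlier on this page carries a CVSS 3.1 base score of 9.8 (CRITICAL).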
CWE
- n/a
Assigner
References
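| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/65293 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2014/02/03/14 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2014/02/07/7 | x_refsource_MISC |
| https://packetstormsecurity.com/files/cve/CVE-2014-1860 | x_refsource_MISC |
| https://www.exploit-database.net/?id=21609 | exploit, x_refsource_EXPLOIT-DB |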
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:58:16.267Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/65293"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/02/03/14"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/02/07/7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/cve/CVE-2014-1860"
},
{
"name": "Exploit Database",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-database.net/?id=21609"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-08T15:37:35",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/65293"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2014/02/03/14"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2014/02/07/7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/cve/CVE-2014-1860"
},
{
"name": "Exploit Database",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-database.net/?id=21609"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1860",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securityfocus.com/bid/65293",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/65293"
},
{
"name": "http://www.openwall.com/lists/oss-security/2014/02/03/14",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2014/02/03/14"
},
{
"name": "http://www.openwall.com/lists/oss-security/2014/02/07/7",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2014/02/07/7"
},
{
"name": "https://packetstormsecurity.com/files/cve/CVE-2014-1860",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/cve/CVE-2014-1860"
},
{
"name": "Exploit Database",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-database.net/?id=21609"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-1860",
"datePublished": "2020-01-08T15:37:35",
"dateReserved": "2014-02-03T00:00:00",
"dateUpdated": "2024-08-06T09:58:16.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-16558 (GCVE-0-2017-16558)
Vulnerability from nvd – Published: 2019-04-25 16:36 – Updated: 2024-08-05 20:27
Summary
Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the back end as well as in the listing module.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
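| URL | Tags |
|---|---|
| https://contao.org/de/changelog/versions/4.4.html | x_refsource_CONFIRM |
| https://contao.org/en/news/contao-4_4_8.html | x_refsource_CONFIRM |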
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:27:03.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://contao.org/de/changelog/versions/4.4.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://contao.org/en/news/contao-4_4_8.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the back end as well as in the listing module."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-25T16:36:49",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://contao.org/de/changelog/versions/4.4.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://contao.org/en/news/contao-4_4_8.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16558",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the back end as well as in the listing module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://contao.org/de/changelog/versions/4.4.html",
"refsource": "CONFIRM",
"url": "https://contao.org/de/changelog/versions/4.4.html"
},
{
"name": "https://contao.org/en/news/contao-4_4_8.html",
"refsource": "CONFIRM",
"url": "https://contao.org/en/news/contao-4_4_8.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-16558",
"datePublished": "2019-04-25T16:36:49",
"dateReserved": "2017-11-06T00:00:00",
"dateUpdated": "2024-08-05T20:27:03.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20028 (GCVE-0-2018-20028)
Vulnerability from nvd – Published: 2019-04-17 18:58 – Updated: 2024-08-05 11:51
Summary
Contao 3.x before 3.5.37, 4.4.x before 4.4.31 and 4.6.x before 4.6.11 has Incorrect Access Control.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
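| URL | Tags |
|---|---|
| https://contao.org/en/news.html | x_refsource_CONFIRM |
| https://contao.org/en/news/security-vulnerability-cve-2018-20028.html | x_refsource_CONFIRM |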
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:51:18.339Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://contao.org/en/news.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://contao.org/en/news/security-vulnerability-cve-2018-20028.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Contao 3.x before 3.5.37, 4.4.x before 4.4.31 and 4.6.x before 4.6.11 has Incorrect Access Control."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-17T18:58:45",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://contao.org/en/news.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://contao.org/en/news/security-vulnerability-cve-2018-20028.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20028",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Contao 3.x before 3.5.37, 4.4.x before 4.4.31 and 4.6.x before 4.6.11 has Incorrect Access Control."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://contao.org/en/news.html",
"refsource": "CONFIRM",
"url": "https://contao.org/en/news.html"
},
{
"name": "https://contao.org/en/news/security-vulnerability-cve-2018-20028.html",
"refsource": "CONFIRM",
"url": "https://contao.org/en/news/security-vulnerability-cve-2018-20028.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20028",
"datePublished": "2019-04-17T18:58:45",
"dateReserved": "2018-12-10T00:00:00",
"dateUpdated": "2024-08-05T11:51:18.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10642 (GCVE-0-2019-10642)
Vulnerability from nvd – Published: 2019-04-17 18:54 – Updated: 2024-08-04 22:31
Summary
Contao 4.7 allows CSRF.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
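| URL | Tags |
|---|---|
| https://contao.org/en/news.html | x_refsource_CONFIRM |
| https://contao.org/en/news/security-vulnerability-cve-2019-10642.html | x_refsource_CONFIRM |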
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:31:59.937Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://contao.org/en/news.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://contao.org/en/news/security-vulnerability-cve-2019-10642.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-04-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Contao 4.7 allows CSRF."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-17T18:54:30",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://contao.org/en/news.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://contao.org/en/news/security-vulnerability-cve-2019-10642.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-10642",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Contao 4.7 allows CSRF."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://contao.org/en/news.html",
"refsource": "CONFIRM",
"url": "https://contao.org/en/news.html"
},
{
"name": "https://contao.org/en/news/security-vulnerability-cve-2019-10642.html",
"refsource": "CONFIRM",
"url": "https://contao.org/en/news/security-vulnerability-cve-2019-10642.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-10642",
"datePublished": "2019-04-17T18:54:30",
"dateReserved": "2019-03-29T00:00:00",
"dateUpdated": "2024-08-04T22:31:59.937Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10643 (GCVE-0-2019-10643)
Vulnerability from nvd – Published: 2019-04-17 18:50 – Updated: 2024-08-04 22:32
Summary
Contao 4.7 allows Use of a Key Past its Expiration Date.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
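| URL | Tags |
|---|---|
| https://contao.org/en/news.html | x_refsource_CONFIRM |
| https://contao.org/en/news/security-vulnerability-cve-2019-10643.html | x_refsource_CONFIRM |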
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:32:01.293Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://contao.org/en/news.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://contao.org/en/news/security-vulnerability-cve-2019-10643.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-04-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Contao 4.7 allows Use of a Key Past its Expiration Date."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-17T18:50:52",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://contao.org/en/news.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://contao.org/en/news/security-vulnerability-cve-2019-10643.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-10643",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Contao 4.7 allows Use of a Key Past its Expiration Date."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://contao.org/en/news.html",
"refsource": "CONFIRM",
"url": "https://contao.org/en/news.html"
},
{
"name": "https://contao.org/en/news/security-vulnerability-cve-2019-10643.html",
"refsource": "CONFIRM",
"url": "https://contao.org/en/news/security-vulnerability-cve-2019-10643.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-10643",
"datePublished": "2019-04-17T18:50:52",
"dateReserved": "2019-03-29T00:00:00",
"dateUpdated": "2024-08-04T22:32:01.293Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10641 (GCVE-0-2019-10641)
Vulnerability from nvd – Published: 2019-04-17 18:46 – Updated: 2024-08-04 22:32
Summary
Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Recovery Mechanism for a Forgotten Password.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
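| URL | Tags |
|---|---|
| https://contao.org/en/news.html | x_refsource_CONFIRM |
| https://contao.org/en/news/security-vulnerability-cve-2019-10641.html | x_refsource_CONFIRM |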
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:32:00.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://contao.org/en/news.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://contao.org/en/news/security-vulnerability-cve-2019-10641.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-04-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Recovery Mechanism for a Forgotten Password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-17T18:46:38",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://contao.org/en/news.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://contao.org/en/news/security-vulnerability-cve-2019-10641.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-10641",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Recovery Mechanism for a Forgotten Password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://contao.org/en/news.html",
"refsource": "CONFIRM",
"url": "https://contao.org/en/news.html"
},
{
"name": "https://contao.org/en/news/security-vulnerability-cve-2019-10641.html",
"refsource": "CONFIRM",
"url": "https://contao.org/en/news/security-vulnerability-cve-2019-10641.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-10641",
"datePublished": "2019-04-17T18:46:39",
"dateReserved": "2019-03-29T00:00:00",
"dateUpdated": "2024-08-04T22:32:00.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10993 (GCVE-0-2017-10993)
Vulnerability from nvd – Published: 2017-07-21 06:00 – Updated: 2024-08-05 17:57
Summary
Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags |
|---|---|
| https://contao.org/en/news/contao-3_5_28.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:57:57.413Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://contao.org/en/news/contao-3_5_28.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-21T05:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://contao.org/en/news/contao-3_5_28.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10993",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://contao.org/en/news/contao-3_5_28.html",
"refsource": "CONFIRM",
"url": "https://contao.org/en/news/contao-3_5_28.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10993",
"datePublished": "2017-07-21T06:00:00",
"dateReserved": "2017-07-07T00:00:00",
"dateUpdated": "2024-08-05T17:57:57.413Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0269 (GCVE-0-2015-0269)
Vulnerability from nvd – Published: 2017-05-26 17:00 – Updated: 2024-08-06 04:03
Summary
Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated "back end" users to view files outside their file mounts or the document root via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
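| URL | Tags |
|---|---|
| https://contao.org/en/news/contao-3_2_19.html | x_refsource_CONFIRM |
| https://contao.org/en/news/directory-traversal-vulnerability-cve-2015-0269.html | x_refsource_CONFIRM |
| https://contao.org/en/news/contao-3_4_4.html | x_refsource_CONFIRM |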
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:03:10.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://contao.org/en/news/contao-3_2_19.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://contao.org/en/news/directory-traversal-vulnerability-cve-2015-0269.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://contao.org/en/news/contao-3_4_4.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated \"back end\" users to view files outside their file mounts or the document root via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-26T16:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://contao.org/en/news/contao-3_2_19.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://contao.org/en/news/directory-traversal-vulnerability-cve-2015-0269.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://contao.org/en/news/contao-3_4_4.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-0269",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated \"back end\" users to view files outside their file mounts or the document root via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://contao.org/en/news/contao-3_2_19.html",
"refsource": "CONFIRM",
"url": "https://contao.org/en/news/contao-3_2_19.html"
},
{
"name": "https://contao.org/en/news/directory-traversal-vulnerability-cve-2015-0269.html",
"refsource": "CONFIRM",
"url": "https://contao.org/en/news/directory-traversal-vulnerability-cve-2015-0269.html"
},
{
"name": "https://contao.org/en/news/contao-3_4_4.html",
"refsource": "CONFIRM",
"url": "https://contao.org/en/news/contao-3_4_4.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-0269",
"datePublished": "2017-05-26T17:00:00",
"dateReserved": "2014-11-18T00:00:00",
"dateUpdated": "2024-08-06T04:03:10.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1297 (GCVE-0-2012-1297)
Vulnerability from nvd – Published: 2012-03-19 18:00 – Updated: 2024-08-06 18:53
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in main.php in Contao (formerly TYPOlight) 2.11.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) delete users via a delete action in the user module, (2) delete news via a delete action in the news module, or (3) delete newsletters via a delete action in the newsletters module.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
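| URL | Tags |
|---|---|
| http://www.exploit-db.com/exploits/18527 | exploit, x_refsource_EXPLOIT-DB |
| http://ivanobinetti.blogspot.com/2012/02/contaocms-fka-typolight-211-csrf-delete.html | x_refsource_MISC |
| http://packetstormsecurity.org/files/110214/ContaoCMS-2.11.0-Cross-Site-Request-Forgery.html | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/73479 | vdb-entry, x_refsource_XF |
| http://secunia.com/advisories/48180 | third-party-advisory, x_refsource_SECUNIA |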
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:53:37.174Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18527",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18527"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ivanobinetti.blogspot.com/2012/02/contaocms-fka-typolight-211-csrf-delete.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/110214/ContaoCMS-2.11.0-Cross-Site-Request-Forgery.html"
},
{
"name": "contao-newsletter-csrf(73479)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73479"
},
{
"name": "48180",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48180"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in main.php in Contao (formerly TYPOlight) 2.11.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) delete users via a delete action in the user module, (2) delete news via a delete action in the news module, or (3) delete newsletters via a delete action in the newsletters module."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18527",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18527"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ivanobinetti.blogspot.com/2012/02/contaocms-fka-typolight-211-csrf-delete.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/110214/ContaoCMS-2.11.0-Cross-Site-Request-Forgery.html"
},
{
"name": "contao-newsletter-csrf(73479)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73479"
},
{
"name": "48180",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48180"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1297",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in main.php in Contao (formerly TYPOlight) 2.11.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) delete users via a delete action in the user module, (2) delete news via a delete action in the news module, or (3) delete newsletters via a delete action in the newsletters module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18527",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18527"
},
{
"name": "http://ivanobinetti.blogspot.com/2012/02/contaocms-fka-typolight-211-csrf-delete.html",
"refsource": "MISC",
"url": "http://ivanobinetti.blogspot.com/2012/02/contaocms-fka-typolight-211-csrf-delete.html"
},
{
"name": "http://packetstormsecurity.org/files/110214/ContaoCMS-2.11.0-Cross-Site-Request-Forgery.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/110214/ContaoCMS-2.11.0-Cross-Site-Request-Forgery.html"
},
{
"name": "contao-newsletter-csrf(73479)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73479"
},
{
"name": "48180",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48180"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1297",
"datePublished": "2012-03-19T18:00:00",
"dateReserved": "2012-02-27T00:00:00",
"dateUpdated": "2024-08-06T18:53:37.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4335 (GCVE-0-2011-4335)
Vulnerability from nvd – Published: 2011-11-28 11:00 – Updated: 2024-08-07 00:01
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Contao before 2.10.2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php in a (1) teachers.html or (2) teachers/ action.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
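| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/520046/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://openwall.com/lists/oss-security/2011/11/21/30 | mailing-list, x_refsource_MLIST |
| http://dev.contao.org/projects/typolight/repository/revisions/1041 | x_refsource_CONFIRM |
| http://openwall.com/lists/oss-security/2011/11/22/1 | mailing-list, x_refsource_MLIST |
| http://www.rul3z.de/advisories/SSCHADV2011-025.txt | x_refsource_MISC |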
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:01:51.590Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20111008 Contao 2.10.1 Cross-site scripting vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/520046/100/0/threaded"
},
{
"name": "[oss-security] 20111122 CVE-request: Contao 2.10.1 Cross-site scripting vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/11/21/30"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dev.contao.org/projects/typolight/repository/revisions/1041"
},
{
"name": "[oss-security] 20111121 Re: CVE-request: Contao 2.10.1 Cross-site scripting vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/11/22/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rul3z.de/advisories/SSCHADV2011-025.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-11-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Contao before 2.10.2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php in a (1) teachers.html or (2) teachers/ action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "20111008 Contao 2.10.1 Cross-site scripting vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/520046/100/0/threaded"
},
{
"name": "[oss-security] 20111122 CVE-request: Contao 2.10.1 Cross-site scripting vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/11/21/30"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dev.contao.org/projects/typolight/repository/revisions/1041"
},
{
"name": "[oss-security] 20111121 Re: CVE-request: Contao 2.10.1 Cross-site scripting vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/11/22/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rul3z.de/advisories/SSCHADV2011-025.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4335",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Contao before 2.10.2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php in a (1) teachers.html or (2) teachers/ action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20111008 Contao 2.10.1 Cross-site scripting vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/520046/100/0/threaded"
},
{
"name": "[oss-security] 20111122 CVE-request: Contao 2.10.1 Cross-site scripting vulnerability",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/11/21/30"
},
{
"name": "http://dev.contao.org/projects/typolight/repository/revisions/1041",
"refsource": "CONFIRM",
"url": "http://dev.contao.org/projects/typolight/repository/revisions/1041"
},
{
"name": "[oss-security] 20111121 Re: CVE-request: Contao 2.10.1 Cross-site scripting vulnerability",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/11/22/1"
},
{
"name": "http://www.rul3z.de/advisories/SSCHADV2011-025.txt",
"refsource": "MISC",
"url": "http://www.rul3z.de/advisories/SSCHADV2011-025.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4335",
"datePublished": "2011-11-28T11:00:00",
"dateReserved": "2011-11-04T00:00:00",
"dateUpdated": "2024-08-07T00:01:51.590Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}