Contao

Source repositories

CVE	Vendor / Product	CVSS	Published	Description
CVE-2017-16558	Contao Contao	—	Apr 25, 2019	Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the back end as well as in the listing module.
CVE-2018-20028	Contao Contao	—	Apr 17, 2019	Contao 3.x before 3.5.37, 4.4.x before 4.4.31 and 4.6.x before 4.6.11 has Incorrect Access Control.
CVE-2019-10642	Contao Contao	—	Apr 17, 2019	Contao 4.7 allows CSRF.
CVE-2019-10643	Contao Contao	—	Apr 17, 2019	Contao 4.7 allows Use of a Key Past its Expiration Date.
CVE-2019-10641	Contao Contao	—	Apr 17, 2019	Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Recovery Mechanism for a Forgotten Password.

CVE-2017-16558Apr 25, 2019
Contao
Contao
risk 0.00cvss —epss 0.00
Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the back end as well as in the listing module.
CVE-2018-20028Apr 17, 2019
Contao
Contao
risk 0.00cvss —epss 0.00
Contao 3.x before 3.5.37, 4.4.x before 4.4.31 and 4.6.x before 4.6.11 has Incorrect Access Control.
CVE-2019-10642Apr 17, 2019
Contao
Contao
risk 0.00cvss —epss 0.00
Contao 4.7 allows CSRF.
CVE-2019-10643Apr 17, 2019
Contao
Contao
risk 0.00cvss —epss 0.00
Contao 4.7 allows Use of a Key Past its Expiration Date.
CVE-2019-10641Apr 17, 2019
Contao
Contao
risk 0.00cvss —epss 0.00
Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Recovery Mechanism for a Forgotten Password.