Package impact

php Packagist / contao/contao

CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2017-10993 high 8.8 8.8 9y ago Contao Core directory traversal vulnerability
CVE-2025-57759 unknown 9mo ago Contao does not properly manage privileges for page and article fields
CVE-2025-57757 unknown 9mo ago Contao can disclose sensitive information in the news module
CVE-2025-57756 unknown 9mo ago Contao discloses sensitive information in the front end search index
CVE-2025-57758 unknown 9mo ago Contao applies improper access control in the back end voters
CVE-2023-29200 unknown 3y ago Path traversal vulnerability in the file manager
CVE-2019-11512 unknown 4y ago Contao SQL injection in the file manager
CVE-2017-16558 unknown 4y ago Contao SQL injection in the backend and listing module
CVE-2022-24899 unknown 4y ago Cross site scripting via canonical tag in Contao
CVE-2019-10642 unknown 4y ago Contao CSRF Token Bypass
CVE-2019-10641 unknown 4y ago Contao Does Not Invalidate Existing Sessions When Password Changes
CVE-2018-20028 unknown 4y ago Contao Information Disclosure via Access Control Flaws
CVE-2019-10643 unknown 4y ago Contao Does Not Expire Tokens Correctly
CVE-2018-10125 unknown 4y ago Cross-site Scripting in Contao
CVE-2021-35955 unknown 5y ago Cross site scripting via HTML attributes in the back end
CVE-2021-37627 unknown 5y ago Privilege escalation via form generator
CVE-2021-37626 unknown 5y ago PHP file inclusion via insert tags
CVE-2021-35210 unknown 5y ago Cross site scripting in the system log
CVE-2020-25768 unknown 6y ago Contao Insert tag injection in forms
CVE-2019-19714 unknown 7y ago Insert tag injection in the Contao login module
CVE-2019-19712 unknown 7y ago Information disclosure in the Contao backend
CVE-2019-19745 unknown 7y ago Unrestricted file uploads in Contao