Search

Find a vulnerability

Search criteria

    22 vulnerabilities found for contao_cms by contao

    CVE-2014-1860 (GCVE-0-2014-1860)

    Vulnerability from nvd – Published: 2020-01-08 15:37 – Updated: 2024-08-06 09:58
    VLAI
    Summary
    Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T09:58:16.267Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/65293"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/02/03/14"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/02/07/7"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://packetstormsecurity.com/files/cve/CVE-2014-1860"
              },
              {
                "name": "Exploit Database",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-database.net/?id=21609"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-08T15:37:35.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securityfocus.com/bid/65293"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/02/03/14"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/02/07/7"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://packetstormsecurity.com/files/cve/CVE-2014-1860"
            },
            {
              "name": "Exploit Database",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-database.net/?id=21609"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-1860",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.securityfocus.com/bid/65293",
                  "refsource": "MISC",
                  "url": "http://www.securityfocus.com/bid/65293"
                },
                {
                  "name": "http://www.openwall.com/lists/oss-security/2014/02/03/14",
                  "refsource": "MISC",
                  "url": "http://www.openwall.com/lists/oss-security/2014/02/03/14"
                },
                {
                  "name": "http://www.openwall.com/lists/oss-security/2014/02/07/7",
                  "refsource": "MISC",
                  "url": "http://www.openwall.com/lists/oss-security/2014/02/07/7"
                },
                {
                  "name": "https://packetstormsecurity.com/files/cve/CVE-2014-1860",
                  "refsource": "MISC",
                  "url": "https://packetstormsecurity.com/files/cve/CVE-2014-1860"
                },
                {
                  "name": "Exploit Database",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-database.net/?id=21609"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-1860",
        "datePublished": "2020-01-08T15:37:35.000Z",
        "dateReserved": "2014-02-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T09:58:16.267Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-16558 (GCVE-0-2017-16558)

    Vulnerability from nvd – Published: 2019-04-25 16:36 – Updated: 2024-08-05 20:27
    VLAI
    Summary
    Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the back end as well as in the listing module.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2017-11-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T20:27:03.999Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://contao.org/de/changelog/versions/4.4.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://contao.org/en/news/contao-4_4_8.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-11-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the back end as well as in the listing module."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-25T16:36:49.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://contao.org/de/changelog/versions/4.4.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://contao.org/en/news/contao-4_4_8.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-16558",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the back end as well as in the listing module."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://contao.org/de/changelog/versions/4.4.html",
                  "refsource": "CONFIRM",
                  "url": "https://contao.org/de/changelog/versions/4.4.html"
                },
                {
                  "name": "https://contao.org/en/news/contao-4_4_8.html",
                  "refsource": "CONFIRM",
                  "url": "https://contao.org/en/news/contao-4_4_8.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-16558",
        "datePublished": "2019-04-25T16:36:49.000Z",
        "dateReserved": "2017-11-06T00:00:00.000Z",
        "dateUpdated": "2024-08-05T20:27:03.999Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-10643 (GCVE-0-2019-10643)

    Vulnerability from nvd – Published: 2019-04-17 18:50 – Updated: 2024-08-04 22:32
    VLAI
    Summary
    Contao 4.7 allows Use of a Key Past its Expiration Date.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2019-04-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:32:01.293Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://contao.org/en/news.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://contao.org/en/news/security-vulnerability-cve-2019-10643.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2019-04-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Contao 4.7 allows Use of a Key Past its Expiration Date."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-17T18:50:52.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://contao.org/en/news.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://contao.org/en/news/security-vulnerability-cve-2019-10643.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-10643",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Contao 4.7 allows Use of a Key Past its Expiration Date."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://contao.org/en/news.html",
                  "refsource": "CONFIRM",
                  "url": "https://contao.org/en/news.html"
                },
                {
                  "name": "https://contao.org/en/news/security-vulnerability-cve-2019-10643.html",
                  "refsource": "CONFIRM",
                  "url": "https://contao.org/en/news/security-vulnerability-cve-2019-10643.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-10643",
        "datePublished": "2019-04-17T18:50:52.000Z",
        "dateReserved": "2019-03-29T00:00:00.000Z",
        "dateUpdated": "2024-08-04T22:32:01.293Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-10642 (GCVE-0-2019-10642)

    Vulnerability from nvd – Published: 2019-04-17 18:54 – Updated: 2024-08-04 22:31
    VLAI
    Summary
    Contao 4.7 allows CSRF.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2019-04-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:31:59.937Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://contao.org/en/news.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://contao.org/en/news/security-vulnerability-cve-2019-10642.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2019-04-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Contao 4.7 allows CSRF."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-17T18:54:30.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://contao.org/en/news.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://contao.org/en/news/security-vulnerability-cve-2019-10642.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-10642",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Contao 4.7 allows CSRF."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://contao.org/en/news.html",
                  "refsource": "CONFIRM",
                  "url": "https://contao.org/en/news.html"
                },
                {
                  "name": "https://contao.org/en/news/security-vulnerability-cve-2019-10642.html",
                  "refsource": "CONFIRM",
                  "url": "https://contao.org/en/news/security-vulnerability-cve-2019-10642.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-10642",
        "datePublished": "2019-04-17T18:54:30.000Z",
        "dateReserved": "2019-03-29T00:00:00.000Z",
        "dateUpdated": "2024-08-04T22:31:59.937Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-10641 (GCVE-0-2019-10641)

    Vulnerability from nvd – Published: 2019-04-17 18:46 – Updated: 2024-08-04 22:32
    VLAI
    Summary
    Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Recovery Mechanism for a Forgotten Password.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2019-04-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:32:00.987Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://contao.org/en/news.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://contao.org/en/news/security-vulnerability-cve-2019-10641.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2019-04-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Recovery Mechanism for a Forgotten Password."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-17T18:46:38.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://contao.org/en/news.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://contao.org/en/news/security-vulnerability-cve-2019-10641.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-10641",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Recovery Mechanism for a Forgotten Password."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://contao.org/en/news.html",
                  "refsource": "CONFIRM",
                  "url": "https://contao.org/en/news.html"
                },
                {
                  "name": "https://contao.org/en/news/security-vulnerability-cve-2019-10641.html",
                  "refsource": "CONFIRM",
                  "url": "https://contao.org/en/news/security-vulnerability-cve-2019-10641.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-10641",
        "datePublished": "2019-04-17T18:46:39.000Z",
        "dateReserved": "2019-03-29T00:00:00.000Z",
        "dateUpdated": "2024-08-04T22:32:00.987Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-20028 (GCVE-0-2018-20028)

    Vulnerability from nvd – Published: 2019-04-17 18:58 – Updated: 2024-08-05 11:51
    VLAI
    Summary
    Contao 3.x before 3.5.37, 4.4.x before 4.4.31 and 4.6.x before 4.6.11 has Incorrect Access Control.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2018-12-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:51:18.339Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://contao.org/en/news.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://contao.org/en/news/security-vulnerability-cve-2018-20028.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-12-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Contao 3.x before 3.5.37, 4.4.x before 4.4.31 and 4.6.x before 4.6.11 has Incorrect Access Control."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-17T18:58:45.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://contao.org/en/news.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://contao.org/en/news/security-vulnerability-cve-2018-20028.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-20028",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Contao 3.x before 3.5.37, 4.4.x before 4.4.31 and 4.6.x before 4.6.11 has Incorrect Access Control."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://contao.org/en/news.html",
                  "refsource": "CONFIRM",
                  "url": "https://contao.org/en/news.html"
                },
                {
                  "name": "https://contao.org/en/news/security-vulnerability-cve-2018-20028.html",
                  "refsource": "CONFIRM",
                  "url": "https://contao.org/en/news/security-vulnerability-cve-2018-20028.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-20028",
        "datePublished": "2019-04-17T18:58:45.000Z",
        "dateReserved": "2018-12-10T00:00:00.000Z",
        "dateUpdated": "2024-08-05T11:51:18.339Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-10993 (GCVE-0-2017-10993)

    Vulnerability from nvd – Published: 2017-07-21 06:00 – Updated: 2024-08-05 17:57
    VLAI
    Summary
    Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://contao.org/en/news/contao-3_5_28.html x_refsource_CONFIRM
    Date Public
    2017-07-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:57:57.413Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://contao.org/en/news/contao-3_5_28.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-07-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-21T05:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://contao.org/en/news/contao-3_5_28.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-10993",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://contao.org/en/news/contao-3_5_28.html",
                  "refsource": "CONFIRM",
                  "url": "https://contao.org/en/news/contao-3_5_28.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-10993",
        "datePublished": "2017-07-21T06:00:00.000Z",
        "dateReserved": "2017-07-07T00:00:00.000Z",
        "dateUpdated": "2024-08-05T17:57:57.413Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-0269 (GCVE-0-2015-0269)

    Vulnerability from nvd – Published: 2017-05-26 17:00 – Updated: 2024-08-06 04:03
    VLAI
    Summary
    Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated "back end" users to view files outside their file mounts or the document root via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-12-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T04:03:10.676Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://contao.org/en/news/contao-3_2_19.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://contao.org/en/news/directory-traversal-vulnerability-cve-2015-0269.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://contao.org/en/news/contao-3_4_4.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-12-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated \"back end\" users to view files outside their file mounts or the document root via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-05-26T16:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://contao.org/en/news/contao-3_2_19.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://contao.org/en/news/directory-traversal-vulnerability-cve-2015-0269.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://contao.org/en/news/contao-3_4_4.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2015-0269",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated \"back end\" users to view files outside their file mounts or the document root via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://contao.org/en/news/contao-3_2_19.html",
                  "refsource": "CONFIRM",
                  "url": "https://contao.org/en/news/contao-3_2_19.html"
                },
                {
                  "name": "https://contao.org/en/news/directory-traversal-vulnerability-cve-2015-0269.html",
                  "refsource": "CONFIRM",
                  "url": "https://contao.org/en/news/directory-traversal-vulnerability-cve-2015-0269.html"
                },
                {
                  "name": "https://contao.org/en/news/contao-3_4_4.html",
                  "refsource": "CONFIRM",
                  "url": "https://contao.org/en/news/contao-3_4_4.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-0269",
        "datePublished": "2017-05-26T17:00:00.000Z",
        "dateReserved": "2014-11-18T00:00:00.000Z",
        "dateUpdated": "2024-08-06T04:03:10.676Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-1297 (GCVE-0-2012-1297)

    Vulnerability from nvd – Published: 2012-03-19 18:00 – Updated: 2024-08-06 18:53
    VLAI
    Summary
    Multiple cross-site request forgery (CSRF) vulnerabilities in main.php in Contao (formerly TYPOlight) 2.11.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) delete users via a delete action in the user module, (2) delete news via a delete action in the news module, or (3) delete newsletters via a delete action in the newsletters module.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2012-02-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T18:53:37.174Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "18527",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/18527"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://ivanobinetti.blogspot.com/2012/02/contaocms-fka-typolight-211-csrf-delete.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.org/files/110214/ContaoCMS-2.11.0-Cross-Site-Request-Forgery.html"
              },
              {
                "name": "contao-newsletter-csrf(73479)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73479"
              },
              {
                "name": "48180",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/48180"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-02-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in main.php in Contao (formerly TYPOlight) 2.11.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) delete users via a delete action in the user module, (2) delete news via a delete action in the news module, or (3) delete newsletters via a delete action in the newsletters module."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "18527",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/18527"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://ivanobinetti.blogspot.com/2012/02/contaocms-fka-typolight-211-csrf-delete.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.org/files/110214/ContaoCMS-2.11.0-Cross-Site-Request-Forgery.html"
            },
            {
              "name": "contao-newsletter-csrf(73479)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73479"
            },
            {
              "name": "48180",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/48180"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2012-1297",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in main.php in Contao (formerly TYPOlight) 2.11.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) delete users via a delete action in the user module, (2) delete news via a delete action in the news module, or (3) delete newsletters via a delete action in the newsletters module."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "18527",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/18527"
                },
                {
                  "name": "http://ivanobinetti.blogspot.com/2012/02/contaocms-fka-typolight-211-csrf-delete.html",
                  "refsource": "MISC",
                  "url": "http://ivanobinetti.blogspot.com/2012/02/contaocms-fka-typolight-211-csrf-delete.html"
                },
                {
                  "name": "http://packetstormsecurity.org/files/110214/ContaoCMS-2.11.0-Cross-Site-Request-Forgery.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.org/files/110214/ContaoCMS-2.11.0-Cross-Site-Request-Forgery.html"
                },
                {
                  "name": "contao-newsletter-csrf(73479)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73479"
                },
                {
                  "name": "48180",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/48180"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2012-1297",
        "datePublished": "2012-03-19T18:00:00.000Z",
        "dateReserved": "2012-02-27T00:00:00.000Z",
        "dateUpdated": "2024-08-06T18:53:37.174Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-4335 (GCVE-0-2011-4335)

    Vulnerability from nvd – Published: 2011-11-28 11:00 – Updated: 2024-08-07 00:01
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in Contao before 2.10.2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php in a (1) teachers.html or (2) teachers/ action.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2011-11-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:01:51.590Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20111008 Contao 2.10.1 Cross-site scripting vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/520046/100/0/threaded"
              },
              {
                "name": "[oss-security] 20111122 CVE-request: Contao 2.10.1 Cross-site scripting vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2011/11/21/30"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://dev.contao.org/projects/typolight/repository/revisions/1041"
              },
              {
                "name": "[oss-security] 20111121 Re: CVE-request: Contao 2.10.1 Cross-site scripting vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2011/11/22/1"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.rul3z.de/advisories/SSCHADV2011-025.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-11-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Contao before 2.10.2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php in a (1) teachers.html or (2) teachers/ action."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-09T18:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "20111008 Contao 2.10.1 Cross-site scripting vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/520046/100/0/threaded"
            },
            {
              "name": "[oss-security] 20111122 CVE-request: Contao 2.10.1 Cross-site scripting vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2011/11/21/30"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://dev.contao.org/projects/typolight/repository/revisions/1041"
            },
            {
              "name": "[oss-security] 20111121 Re: CVE-request: Contao 2.10.1 Cross-site scripting vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2011/11/22/1"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.rul3z.de/advisories/SSCHADV2011-025.txt"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2011-4335",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in Contao before 2.10.2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php in a (1) teachers.html or (2) teachers/ action."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20111008 Contao 2.10.1 Cross-site scripting vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/520046/100/0/threaded"
                },
                {
                  "name": "[oss-security] 20111122 CVE-request: Contao 2.10.1 Cross-site scripting vulnerability",
                  "refsource": "MLIST",
                  "url": "http://openwall.com/lists/oss-security/2011/11/21/30"
                },
                {
                  "name": "http://dev.contao.org/projects/typolight/repository/revisions/1041",
                  "refsource": "CONFIRM",
                  "url": "http://dev.contao.org/projects/typolight/repository/revisions/1041"
                },
                {
                  "name": "[oss-security] 20111121 Re: CVE-request: Contao 2.10.1 Cross-site scripting vulnerability",
                  "refsource": "MLIST",
                  "url": "http://openwall.com/lists/oss-security/2011/11/22/1"
                },
                {
                  "name": "http://www.rul3z.de/advisories/SSCHADV2011-025.txt",
                  "refsource": "MISC",
                  "url": "http://www.rul3z.de/advisories/SSCHADV2011-025.txt"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-4335",
        "datePublished": "2011-11-28T11:00:00.000Z",
        "dateReserved": "2011-11-04T00:00:00.000Z",
        "dateUpdated": "2024-08-07T00:01:51.590Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-0508 (GCVE-0-2011-0508)

    Vulnerability from nvd – Published: 2011-01-20 18:00 – Updated: 2024-08-06 21:58
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in system/modules/comments/Comments.php in Contao CMS 2.9.2, and possibly other versions before 2.9.3, allows remote attackers to inject arbitrary web script or HTML via the HTTP X_FORWARDED_FOR header, which is stored by system/libraries/Environment.php but not properly handled by a comments action to main.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://dev.contao.org/issues/2751 x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.osvdb.org/70440 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/42899 third-party-advisoryx_refsource_SECUNIA
    http://www.contao.org/news/items/contao-2_9_3.html x_refsource_CONFIRM
    http://www.securityfocus.com/archive/1/515691/100… mailing-listx_refsource_BUGTRAQ
    http://www.contao.org/changelog.html x_refsource_CONFIRM
    Date Public
    2011-01-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:58:24.570Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://dev.contao.org/issues/2751"
              },
              {
                "name": "contao-xforwardedfor-xss(64679)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64679"
              },
              {
                "name": "70440",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/70440"
              },
              {
                "name": "42899",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/42899"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.contao.org/news/items/contao-2_9_3.html"
              },
              {
                "name": "20110112 [MajorSecurity SA-081]Contao CMS 2.9.2 - Persistent Cross Site Scripting Issue",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/515691/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.contao.org/changelog.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-01-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in system/modules/comments/Comments.php in Contao CMS 2.9.2, and possibly other versions before 2.9.3, allows remote attackers to inject arbitrary web script or HTML via the HTTP X_FORWARDED_FOR header, which is stored by system/libraries/Environment.php but not properly handled by a comments action to main.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-09T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://dev.contao.org/issues/2751"
            },
            {
              "name": "contao-xforwardedfor-xss(64679)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64679"
            },
            {
              "name": "70440",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/70440"
            },
            {
              "name": "42899",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/42899"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.contao.org/news/items/contao-2_9_3.html"
            },
            {
              "name": "20110112 [MajorSecurity SA-081]Contao CMS 2.9.2 - Persistent Cross Site Scripting Issue",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/515691/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.contao.org/changelog.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-0508",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in system/modules/comments/Comments.php in Contao CMS 2.9.2, and possibly other versions before 2.9.3, allows remote attackers to inject arbitrary web script or HTML via the HTTP X_FORWARDED_FOR header, which is stored by system/libraries/Environment.php but not properly handled by a comments action to main.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://dev.contao.org/issues/2751",
                  "refsource": "CONFIRM",
                  "url": "http://dev.contao.org/issues/2751"
                },
                {
                  "name": "contao-xforwardedfor-xss(64679)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64679"
                },
                {
                  "name": "70440",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/70440"
                },
                {
                  "name": "42899",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/42899"
                },
                {
                  "name": "http://www.contao.org/news/items/contao-2_9_3.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.contao.org/news/items/contao-2_9_3.html"
                },
                {
                  "name": "20110112 [MajorSecurity SA-081]Contao CMS 2.9.2 - Persistent Cross Site Scripting Issue",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/515691/100/0/threaded"
                },
                {
                  "name": "http://www.contao.org/changelog.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.contao.org/changelog.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-0508",
        "datePublished": "2011-01-20T18:00:00.000Z",
        "dateReserved": "2011-01-20T00:00:00.000Z",
        "dateUpdated": "2024-08-06T21:58:24.570Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-1860 (GCVE-0-2014-1860)

    Vulnerability from cvelistv5 – Published: 2020-01-08 15:37 – Updated: 2024-08-06 09:58
    VLAI
    Summary
    Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T09:58:16.267Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/65293"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/02/03/14"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/02/07/7"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://packetstormsecurity.com/files/cve/CVE-2014-1860"
              },
              {
                "name": "Exploit Database",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-database.net/?id=21609"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-08T15:37:35.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securityfocus.com/bid/65293"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/02/03/14"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/02/07/7"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://packetstormsecurity.com/files/cve/CVE-2014-1860"
            },
            {
              "name": "Exploit Database",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-database.net/?id=21609"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-1860",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.securityfocus.com/bid/65293",
                  "refsource": "MISC",
                  "url": "http://www.securityfocus.com/bid/65293"
                },
                {
                  "name": "http://www.openwall.com/lists/oss-security/2014/02/03/14",
                  "refsource": "MISC",
                  "url": "http://www.openwall.com/lists/oss-security/2014/02/03/14"
                },
                {
                  "name": "http://www.openwall.com/lists/oss-security/2014/02/07/7",
                  "refsource": "MISC",
                  "url": "http://www.openwall.com/lists/oss-security/2014/02/07/7"
                },
                {
                  "name": "https://packetstormsecurity.com/files/cve/CVE-2014-1860",
                  "refsource": "MISC",
                  "url": "https://packetstormsecurity.com/files/cve/CVE-2014-1860"
                },
                {
                  "name": "Exploit Database",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-database.net/?id=21609"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-1860",
        "datePublished": "2020-01-08T15:37:35.000Z",
        "dateReserved": "2014-02-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T09:58:16.267Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-16558 (GCVE-0-2017-16558)

    Vulnerability from cvelistv5 – Published: 2019-04-25 16:36 – Updated: 2024-08-05 20:27
    VLAI
    Summary
    Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the back end as well as in the listing module.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2017-11-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T20:27:03.999Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://contao.org/de/changelog/versions/4.4.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://contao.org/en/news/contao-4_4_8.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-11-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the back end as well as in the listing module."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-25T16:36:49.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://contao.org/de/changelog/versions/4.4.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://contao.org/en/news/contao-4_4_8.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-16558",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the back end as well as in the listing module."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://contao.org/de/changelog/versions/4.4.html",
                  "refsource": "CONFIRM",
                  "url": "https://contao.org/de/changelog/versions/4.4.html"
                },
                {
                  "name": "https://contao.org/en/news/contao-4_4_8.html",
                  "refsource": "CONFIRM",
                  "url": "https://contao.org/en/news/contao-4_4_8.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-16558",
        "datePublished": "2019-04-25T16:36:49.000Z",
        "dateReserved": "2017-11-06T00:00:00.000Z",
        "dateUpdated": "2024-08-05T20:27:03.999Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-20028 (GCVE-0-2018-20028)

    Vulnerability from cvelistv5 – Published: 2019-04-17 18:58 – Updated: 2024-08-05 11:51
    VLAI
    Summary
    Contao 3.x before 3.5.37, 4.4.x before 4.4.31 and 4.6.x before 4.6.11 has Incorrect Access Control.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2018-12-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:51:18.339Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://contao.org/en/news.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://contao.org/en/news/security-vulnerability-cve-2018-20028.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-12-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Contao 3.x before 3.5.37, 4.4.x before 4.4.31 and 4.6.x before 4.6.11 has Incorrect Access Control."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-17T18:58:45.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://contao.org/en/news.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://contao.org/en/news/security-vulnerability-cve-2018-20028.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-20028",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Contao 3.x before 3.5.37, 4.4.x before 4.4.31 and 4.6.x before 4.6.11 has Incorrect Access Control."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://contao.org/en/news.html",
                  "refsource": "CONFIRM",
                  "url": "https://contao.org/en/news.html"
                },
                {
                  "name": "https://contao.org/en/news/security-vulnerability-cve-2018-20028.html",
                  "refsource": "CONFIRM",
                  "url": "https://contao.org/en/news/security-vulnerability-cve-2018-20028.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-20028",
        "datePublished": "2019-04-17T18:58:45.000Z",
        "dateReserved": "2018-12-10T00:00:00.000Z",
        "dateUpdated": "2024-08-05T11:51:18.339Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-10642 (GCVE-0-2019-10642)

    Vulnerability from cvelistv5 – Published: 2019-04-17 18:54 – Updated: 2024-08-04 22:31
    VLAI
    Summary
    Contao 4.7 allows CSRF.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2019-04-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:31:59.937Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://contao.org/en/news.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://contao.org/en/news/security-vulnerability-cve-2019-10642.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2019-04-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Contao 4.7 allows CSRF."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-17T18:54:30.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://contao.org/en/news.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://contao.org/en/news/security-vulnerability-cve-2019-10642.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-10642",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Contao 4.7 allows CSRF."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://contao.org/en/news.html",
                  "refsource": "CONFIRM",
                  "url": "https://contao.org/en/news.html"
                },
                {
                  "name": "https://contao.org/en/news/security-vulnerability-cve-2019-10642.html",
                  "refsource": "CONFIRM",
                  "url": "https://contao.org/en/news/security-vulnerability-cve-2019-10642.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-10642",
        "datePublished": "2019-04-17T18:54:30.000Z",
        "dateReserved": "2019-03-29T00:00:00.000Z",
        "dateUpdated": "2024-08-04T22:31:59.937Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-10643 (GCVE-0-2019-10643)

    Vulnerability from cvelistv5 – Published: 2019-04-17 18:50 – Updated: 2024-08-04 22:32
    VLAI
    Summary
    Contao 4.7 allows Use of a Key Past its Expiration Date.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2019-04-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:32:01.293Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://contao.org/en/news.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://contao.org/en/news/security-vulnerability-cve-2019-10643.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2019-04-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Contao 4.7 allows Use of a Key Past its Expiration Date."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-17T18:50:52.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://contao.org/en/news.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://contao.org/en/news/security-vulnerability-cve-2019-10643.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-10643",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Contao 4.7 allows Use of a Key Past its Expiration Date."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://contao.org/en/news.html",
                  "refsource": "CONFIRM",
                  "url": "https://contao.org/en/news.html"
                },
                {
                  "name": "https://contao.org/en/news/security-vulnerability-cve-2019-10643.html",
                  "refsource": "CONFIRM",
                  "url": "https://contao.org/en/news/security-vulnerability-cve-2019-10643.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-10643",
        "datePublished": "2019-04-17T18:50:52.000Z",
        "dateReserved": "2019-03-29T00:00:00.000Z",
        "dateUpdated": "2024-08-04T22:32:01.293Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-10641 (GCVE-0-2019-10641)

    Vulnerability from cvelistv5 – Published: 2019-04-17 18:46 – Updated: 2024-08-04 22:32
    VLAI
    Summary
    Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Recovery Mechanism for a Forgotten Password.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2019-04-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:32:00.987Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://contao.org/en/news.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://contao.org/en/news/security-vulnerability-cve-2019-10641.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2019-04-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Recovery Mechanism for a Forgotten Password."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-17T18:46:38.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://contao.org/en/news.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://contao.org/en/news/security-vulnerability-cve-2019-10641.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-10641",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Recovery Mechanism for a Forgotten Password."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://contao.org/en/news.html",
                  "refsource": "CONFIRM",
                  "url": "https://contao.org/en/news.html"
                },
                {
                  "name": "https://contao.org/en/news/security-vulnerability-cve-2019-10641.html",
                  "refsource": "CONFIRM",
                  "url": "https://contao.org/en/news/security-vulnerability-cve-2019-10641.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-10641",
        "datePublished": "2019-04-17T18:46:39.000Z",
        "dateReserved": "2019-03-29T00:00:00.000Z",
        "dateUpdated": "2024-08-04T22:32:00.987Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-10993 (GCVE-0-2017-10993)

    Vulnerability from cvelistv5 – Published: 2017-07-21 06:00 – Updated: 2024-08-05 17:57
    VLAI
    Summary
    Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://contao.org/en/news/contao-3_5_28.html x_refsource_CONFIRM
    Date Public
    2017-07-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:57:57.413Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://contao.org/en/news/contao-3_5_28.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-07-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-21T05:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://contao.org/en/news/contao-3_5_28.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-10993",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://contao.org/en/news/contao-3_5_28.html",
                  "refsource": "CONFIRM",
                  "url": "https://contao.org/en/news/contao-3_5_28.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-10993",
        "datePublished": "2017-07-21T06:00:00.000Z",
        "dateReserved": "2017-07-07T00:00:00.000Z",
        "dateUpdated": "2024-08-05T17:57:57.413Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-0269 (GCVE-0-2015-0269)

    Vulnerability from cvelistv5 – Published: 2017-05-26 17:00 – Updated: 2024-08-06 04:03
    VLAI
    Summary
    Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated "back end" users to view files outside their file mounts or the document root via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-12-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T04:03:10.676Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://contao.org/en/news/contao-3_2_19.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://contao.org/en/news/directory-traversal-vulnerability-cve-2015-0269.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://contao.org/en/news/contao-3_4_4.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-12-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated \"back end\" users to view files outside their file mounts or the document root via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-05-26T16:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://contao.org/en/news/contao-3_2_19.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://contao.org/en/news/directory-traversal-vulnerability-cve-2015-0269.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://contao.org/en/news/contao-3_4_4.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2015-0269",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated \"back end\" users to view files outside their file mounts or the document root via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://contao.org/en/news/contao-3_2_19.html",
                  "refsource": "CONFIRM",
                  "url": "https://contao.org/en/news/contao-3_2_19.html"
                },
                {
                  "name": "https://contao.org/en/news/directory-traversal-vulnerability-cve-2015-0269.html",
                  "refsource": "CONFIRM",
                  "url": "https://contao.org/en/news/directory-traversal-vulnerability-cve-2015-0269.html"
                },
                {
                  "name": "https://contao.org/en/news/contao-3_4_4.html",
                  "refsource": "CONFIRM",
                  "url": "https://contao.org/en/news/contao-3_4_4.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-0269",
        "datePublished": "2017-05-26T17:00:00.000Z",
        "dateReserved": "2014-11-18T00:00:00.000Z",
        "dateUpdated": "2024-08-06T04:03:10.676Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-1297 (GCVE-0-2012-1297)

    Vulnerability from cvelistv5 – Published: 2012-03-19 18:00 – Updated: 2024-08-06 18:53
    VLAI
    Summary
    Multiple cross-site request forgery (CSRF) vulnerabilities in main.php in Contao (formerly TYPOlight) 2.11.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) delete users via a delete action in the user module, (2) delete news via a delete action in the news module, or (3) delete newsletters via a delete action in the newsletters module.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2012-02-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T18:53:37.174Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "18527",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/18527"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://ivanobinetti.blogspot.com/2012/02/contaocms-fka-typolight-211-csrf-delete.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.org/files/110214/ContaoCMS-2.11.0-Cross-Site-Request-Forgery.html"
              },
              {
                "name": "contao-newsletter-csrf(73479)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73479"
              },
              {
                "name": "48180",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/48180"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-02-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in main.php in Contao (formerly TYPOlight) 2.11.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) delete users via a delete action in the user module, (2) delete news via a delete action in the news module, or (3) delete newsletters via a delete action in the newsletters module."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "18527",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/18527"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://ivanobinetti.blogspot.com/2012/02/contaocms-fka-typolight-211-csrf-delete.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.org/files/110214/ContaoCMS-2.11.0-Cross-Site-Request-Forgery.html"
            },
            {
              "name": "contao-newsletter-csrf(73479)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73479"
            },
            {
              "name": "48180",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/48180"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2012-1297",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in main.php in Contao (formerly TYPOlight) 2.11.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) delete users via a delete action in the user module, (2) delete news via a delete action in the news module, or (3) delete newsletters via a delete action in the newsletters module."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "18527",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/18527"
                },
                {
                  "name": "http://ivanobinetti.blogspot.com/2012/02/contaocms-fka-typolight-211-csrf-delete.html",
                  "refsource": "MISC",
                  "url": "http://ivanobinetti.blogspot.com/2012/02/contaocms-fka-typolight-211-csrf-delete.html"
                },
                {
                  "name": "http://packetstormsecurity.org/files/110214/ContaoCMS-2.11.0-Cross-Site-Request-Forgery.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.org/files/110214/ContaoCMS-2.11.0-Cross-Site-Request-Forgery.html"
                },
                {
                  "name": "contao-newsletter-csrf(73479)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73479"
                },
                {
                  "name": "48180",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/48180"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2012-1297",
        "datePublished": "2012-03-19T18:00:00.000Z",
        "dateReserved": "2012-02-27T00:00:00.000Z",
        "dateUpdated": "2024-08-06T18:53:37.174Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-4335 (GCVE-0-2011-4335)

    Vulnerability from cvelistv5 – Published: 2011-11-28 11:00 – Updated: 2024-08-07 00:01
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in Contao before 2.10.2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php in a (1) teachers.html or (2) teachers/ action.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2011-11-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:01:51.590Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20111008 Contao 2.10.1 Cross-site scripting vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/520046/100/0/threaded"
              },
              {
                "name": "[oss-security] 20111122 CVE-request: Contao 2.10.1 Cross-site scripting vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2011/11/21/30"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://dev.contao.org/projects/typolight/repository/revisions/1041"
              },
              {
                "name": "[oss-security] 20111121 Re: CVE-request: Contao 2.10.1 Cross-site scripting vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2011/11/22/1"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.rul3z.de/advisories/SSCHADV2011-025.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-11-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Contao before 2.10.2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php in a (1) teachers.html or (2) teachers/ action."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-09T18:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "20111008 Contao 2.10.1 Cross-site scripting vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/520046/100/0/threaded"
            },
            {
              "name": "[oss-security] 20111122 CVE-request: Contao 2.10.1 Cross-site scripting vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2011/11/21/30"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://dev.contao.org/projects/typolight/repository/revisions/1041"
            },
            {
              "name": "[oss-security] 20111121 Re: CVE-request: Contao 2.10.1 Cross-site scripting vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2011/11/22/1"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.rul3z.de/advisories/SSCHADV2011-025.txt"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2011-4335",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in Contao before 2.10.2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php in a (1) teachers.html or (2) teachers/ action."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20111008 Contao 2.10.1 Cross-site scripting vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/520046/100/0/threaded"
                },
                {
                  "name": "[oss-security] 20111122 CVE-request: Contao 2.10.1 Cross-site scripting vulnerability",
                  "refsource": "MLIST",
                  "url": "http://openwall.com/lists/oss-security/2011/11/21/30"
                },
                {
                  "name": "http://dev.contao.org/projects/typolight/repository/revisions/1041",
                  "refsource": "CONFIRM",
                  "url": "http://dev.contao.org/projects/typolight/repository/revisions/1041"
                },
                {
                  "name": "[oss-security] 20111121 Re: CVE-request: Contao 2.10.1 Cross-site scripting vulnerability",
                  "refsource": "MLIST",
                  "url": "http://openwall.com/lists/oss-security/2011/11/22/1"
                },
                {
                  "name": "http://www.rul3z.de/advisories/SSCHADV2011-025.txt",
                  "refsource": "MISC",
                  "url": "http://www.rul3z.de/advisories/SSCHADV2011-025.txt"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-4335",
        "datePublished": "2011-11-28T11:00:00.000Z",
        "dateReserved": "2011-11-04T00:00:00.000Z",
        "dateUpdated": "2024-08-07T00:01:51.590Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-0508 (GCVE-0-2011-0508)

    Vulnerability from cvelistv5 – Published: 2011-01-20 18:00 – Updated: 2024-08-06 21:58
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in system/modules/comments/Comments.php in Contao CMS 2.9.2, and possibly other versions before 2.9.3, allows remote attackers to inject arbitrary web script or HTML via the HTTP X_FORWARDED_FOR header, which is stored by system/libraries/Environment.php but not properly handled by a comments action to main.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://dev.contao.org/issues/2751 x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.osvdb.org/70440 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/42899 third-party-advisoryx_refsource_SECUNIA
    http://www.contao.org/news/items/contao-2_9_3.html x_refsource_CONFIRM
    http://www.securityfocus.com/archive/1/515691/100… mailing-listx_refsource_BUGTRAQ
    http://www.contao.org/changelog.html x_refsource_CONFIRM
    Date Public
    2011-01-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:58:24.570Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://dev.contao.org/issues/2751"
              },
              {
                "name": "contao-xforwardedfor-xss(64679)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64679"
              },
              {
                "name": "70440",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/70440"
              },
              {
                "name": "42899",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/42899"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.contao.org/news/items/contao-2_9_3.html"
              },
              {
                "name": "20110112 [MajorSecurity SA-081]Contao CMS 2.9.2 - Persistent Cross Site Scripting Issue",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/515691/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.contao.org/changelog.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-01-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in system/modules/comments/Comments.php in Contao CMS 2.9.2, and possibly other versions before 2.9.3, allows remote attackers to inject arbitrary web script or HTML via the HTTP X_FORWARDED_FOR header, which is stored by system/libraries/Environment.php but not properly handled by a comments action to main.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-09T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://dev.contao.org/issues/2751"
            },
            {
              "name": "contao-xforwardedfor-xss(64679)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64679"
            },
            {
              "name": "70440",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/70440"
            },
            {
              "name": "42899",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/42899"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.contao.org/news/items/contao-2_9_3.html"
            },
            {
              "name": "20110112 [MajorSecurity SA-081]Contao CMS 2.9.2 - Persistent Cross Site Scripting Issue",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/515691/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.contao.org/changelog.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-0508",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in system/modules/comments/Comments.php in Contao CMS 2.9.2, and possibly other versions before 2.9.3, allows remote attackers to inject arbitrary web script or HTML via the HTTP X_FORWARDED_FOR header, which is stored by system/libraries/Environment.php but not properly handled by a comments action to main.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://dev.contao.org/issues/2751",
                  "refsource": "CONFIRM",
                  "url": "http://dev.contao.org/issues/2751"
                },
                {
                  "name": "contao-xforwardedfor-xss(64679)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64679"
                },
                {
                  "name": "70440",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/70440"
                },
                {
                  "name": "42899",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/42899"
                },
                {
                  "name": "http://www.contao.org/news/items/contao-2_9_3.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.contao.org/news/items/contao-2_9_3.html"
                },
                {
                  "name": "20110112 [MajorSecurity SA-081]Contao CMS 2.9.2 - Persistent Cross Site Scripting Issue",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/515691/100/0/threaded"
                },
                {
                  "name": "http://www.contao.org/changelog.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.contao.org/changelog.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-0508",
        "datePublished": "2011-01-20T18:00:00.000Z",
        "dateReserved": "2011-01-20T00:00:00.000Z",
        "dateUpdated": "2024-08-06T21:58:24.570Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }