pkg:Packagist/contao/contao

22 total CVEs: CRITICAL 4, HIGH 6, MEDIUM 12

All known vulnerabilities

  • CRITICAL 9.8 CVE-2019-11512: Contao SQL injection in the file manager
    >= 4.1.0, < 4.4.39
  • CRITICAL 9.8 CVE-2017-16558: Contao SQL injection in the backend and listing module
    >= 3.0.0, <= 3.5.30
  • CRITICAL 9.8 CVE-2019-10641: Contao Does Not Invalidate Existing Sessions When Password Changes
    >= 4.0.0, < 4.4.37
  • CRITICAL 9.8 CVE-2019-10643: Contao Does Not Expire Tokens Correctly
    >= 4.7.0, < 4.7.3
  • HIGH 8.8 CVE-2023-29200: Path traversal vulnerability in the file manager
    >= 4.9.0, < 4.9.40
  • HIGH 8.8 CVE-2019-10642: Contao CSRF Token Bypass
    >= 4.7.0, < 4.7.3
  • HIGH 8.8 CVE-2017-10993: Contao Core directory traversal vulnerability
    >= 4.0.0, < 4.4.1
  • HIGH 8.8 CVE-2019-19745: Unrestricted file uploads in Contao
    >= 4.0.0, < 4.4.46
  • HIGH 8.0 CVE-2021-37627: Privilege escalation via form generator
    >= 4.0.0, < 4.4.56
  • HIGH 7.2 CVE-2022-24899: Cross site scripting via canonical tag in Contao
    >= 4.13.0, < 4.13.3
  • MEDIUM 6.7 CVE-2021-37626: PHP file inclusion via insert tags
    >= 4.0.0, < 4.4.56
  • MEDIUM 6.5 CVE-2018-20028: Contao Information Disclosure via Access Control Flaws
    >= 3.0.0, < 3.5.37
  • MEDIUM 6.1 CVE-2018-10125: Cross-site Scripting in Contao
    >= 4.0.0, < 4.4.18
  • MEDIUM 6.1 CVE-2021-35210: Cross site scripting in the system log
    >= 4.5.0, < 4.9.16
  • MEDIUM 5.9 CVE-2021-35955: Cross site scripting via HTML attributes in the back end
    >= 4.0.0, < 4.4.56
  • MEDIUM 5.3 CVE-2025-57757: Contao can disclose sensitive information in the news module
    >= 5.0.0-RC1, < 5.3.38
  • MEDIUM 5.3 CVE-2025-57756: Contao discloses sensitive information in the front end search index
    >= 4.9.14, < 4.13.56
  • MEDIUM 5.3 CVE-2020-25768: Contao Insert tag injection in forms
    >= 4.0.0, < 4.4.52
  • MEDIUM 5.3 CVE-2019-19714: Insert tag injection in the Contao login module
    >= 4.8.4, < 4.8.6
  • MEDIUM 5.3 CVE-2019-19712: Information disclosure in the Contao backend
    >= 4.0.0, < 4.4.46
  • MEDIUM 4.3 CVE-2025-57759: Contao does not properly manage privileges for page and article fields
    >= 5.3.0, < 5.3.38
  • MEDIUM 4.3 CVE-2025-57758: Contao applies improper access control in the back end voters
    >= 5.0.0, < 5.3.38