pkg:Packagist/contao/core-bundle

31 CVEs in total: CRITICAL 4, HIGH 7, MEDIUM 17, LOW 2


All known vulnerabilities

  • CRITICAL 9.8 | CVE-2019-11512 | Contao SQL injection in the file manager
    >= 4.1.0, < 4.4.39
  • CRITICAL 9.8 | CVE-2017-16558 | Contao SQL injection in the backend and listing module
    >= 4.0.0, < 4.4.8
  • CRITICAL 9.8 | CVE-2019-10641 | Contao Does Not Invalidate Existing Sessions When Password Changes
    >= 4.0.0, < 4.4.37
  • CRITICAL 9.8 | CVE-2019-10643 | Contao Does Not Expire Tokens Correctly
    >= 4.7.0, < 4.7.3
  • HIGH 8.8 | CVE-2019-10642 | Contao CSRF Token Bypass
    >= 4.7.0, < 4.7.3
  • HIGH 8.8 | CVE-2017-10993 | Contao Core directory traversal vulnerability
    >= 4.0.0, < 4.4.1
  • HIGH 8.8 | CVE-2019-19745 | Unrestricted file uploads in Contao
    >= 4.0.0, < 4.4.46
  • HIGH 8.3 | CVE-2024-45398 | Contao affected by remote command execution through file upload
    >= 4.0.0, < 4.13.49
  • HIGH 8.3 | CVE-2024-28235 | Contao: Possible cookie sharing with external domains while checking protected pages for broken links
    >= 4.9.0, < 4.13.40
  • HIGH 8.0 | CVE-2021-37627 | Privilege escalation via form generator
    >= 4.0.0, < 4.4.56
  • HIGH 7.2 | CVE-2022-24899 | Cross site scripting via canonical tag in Contao
    >= 4.13.0, < 4.13.3
  • MEDIUM 6.7 | CVE-2021-37626 | PHP file inclusion via insert tags
    >= 4.0.0, < 4.4.56
  • MEDIUM 6.6 | CVE-2025-65960 | Contao is vulnerable to remote code execution in template closures
    >= 4.0.0, < 4.13.57
  • MEDIUM 6.6 | CVE-2023-36806 | Cross site scripting via input unit widget
    >= 4.0.0, < 4.9.42
  • MEDIUM 6.1 | CVE-2018-10125 | Cross-site Scripting in Contao
    >= 4.0.0, < 4.4.18
  • MEDIUM 6.1 | CVE-2021-35210 | Cross site scripting in the system log
    >= 4.5.0, < 4.9.16
  • MEDIUM 5.9 | CVE-2024-30262 | Contao: Remember-me tokens will not be cleared after a password change
    from 0, < 4.13.40
  • MEDIUM 5.9 | CVE-2021-35955 | Cross site scripting via HTML attributes in the back end
    >= 4.0.0, < 4.4.56
  • MEDIUM 5.4 | CVE-2024-28190 | Contao: Cross site scripting in the file manager
    >= 4.0.0, < 4.13.40
  • MEDIUM 5.3 | CVE-2025-57757 | Contao can disclose sensitive information in the news module
    >= 5.0.0-RC1, < 5.3.38
  • MEDIUM 5.3 | CVE-2025-57756 | Contao discloses sensitive information in the front end search index
    >= 4.9.14, < 4.13.56
  • MEDIUM 5.3 | CVE-2024-45612 | Contao affected by insert tag injection via canonical URL
    >= 4.13.0, < 4.13.49
  • MEDIUM 5.3 | CVE-2020-25768 | Contao Insert tag injection in forms
    >= 4.0.0, < 4.4.52
  • MEDIUM 5.3 | CVE-2019-19714 | Insert tag injection in the Contao login module
    >= 4.8.4, < 4.8.6
  • MEDIUM 5.3 | CVE-2019-19712 | Information disclosure in the Contao backend
    >= 4.0.0, < 4.4.46
  • MEDIUM 4.3 | CVE-2025-57759 | Contao does not properly manage privileges for page and article fields
    >= 5.3.0, < 5.3.38
  • MEDIUM 4.3 | CVE-2025-57758 | Contao applies improper access control in the back end voters
    >= 5.0.0, < 5.3.38
  • MEDIUM 4.3 | CVE-2024-45604 | Contao affected by directory traversal in the file selector widget
    from 0, < 4.13.49
  • LOW 3.3 | CVE-2025-65961 | Contao is vulnerable to cross-site scripting in templates
    >= 4.0.0, < 4.13.57
  • LOW 3.1 | CVE-2024-28191 | Contao: Unencoded insert tags in the frontend
    >= 4.0.0, < 4.13.40
  • CVE-2025-29790 | Contao Vulnerable to Cross-Site Scripting (XSS) through SVG uploads
    >= 4.0.0, < 4.13.54