pkg:composer/contao/core

- Type: composer
- Namespace: contao
- Name: core

Known advisories, vulnerabilities and fixes for the core package.

- Repository: https://packagist.org/packages/contao/core

Advisories by severity:

- Critical: 2
- High: 1
- Medium: 4
- None: 2

Type | Version | Distribution | CVEs | Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | >= 2.0.0, < 2.11.16; >= 3.0.0, < 3.2.7 | | | PHP:CONTAO-CORE-2014-02-13 | PHP object injection vulnerability allows for arbitrary code execution | | 2014-02-13T11:12:34 (10 years ago) |
Affected | >= 3.0.0, < 3.2.9; >= 2.0.0, < 2.11.17 | | | PHP:CONTAO-CORE-2014-04-07 | Insufficient input validation allows for code injection and remote execution | | 2014-04-07T10:30:27 (10 years ago) |
Affected | >= 3.0.0, < 3.4.4; >= 2.0.0, < 3.0.0 | | CVE-2015-0269 | PHP:CONTAO-CORE-2015-0269 | A directory traversal vulnerability allows back end users to view files outside their document root | medium | 2015-02-12T13:44:11 (9 years ago) |
Affected | >= 3.0.0, < 3.5.15 | | CVE-2016-4567 | PHP:CONTAO-CORE-2016-4567 | Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in MediaElement.js before 2.11.2 (see CVE-2013-1967) | medium | 2016-07-15T08:22:14 (8 years ago) |
Affected | >= 3.0.0, < 3.5.28 | | CVE-2017-10993 | PHP:CONTAO-CORE-2017-10993 | A logged in back end user can include arbitrary existing PHP files by manipulating a URL parameter | high | 2017-07-12T07:10:24 (7 years ago) |
Affected | >= 3.0.0, < 3.5.31 | | CVE-2017-16558 | PHP:CONTAO-CORE-2017-16558 | SQL injection vulnerability in the back end search filter and the front end listing module | critical | 2017-11-15T08:53:00 (6 years ago) |
Affected | >= 3.0.0, < 3.5.35 | | CVE-2018-10125 | PHP:CONTAO-CORE-2018-10125 | Cross-site scripting (XSS) vulnerability in the system log of the back end | medium | 2018-04-18T09:51:00 (6 years ago) |
Affected | >= 3.0.0, < 3.5.32 | | CVE-2018-5478 | PHP:CONTAO-CORE-2018-5478 | XSS vulnerability in the front end "unsubscribe" module of the newsletter extension | medium | 2018-01-18T09:14:00 (6 years ago) |
Affected | >= 3.0.0, < 3.5.39 | | CVE-2019-10641 | PHP:CONTAO-CORE-2019-10641 | Existing sessions are not correctly invalidated when a user changes their password | critical | 2019-04-09T10:24:00 (5 years ago) |