pkg:composer/contao/core-bundle

Type composer
Namespace contao
Name core-bundle

Known advisories, vulnerabilities and fixes for core-bundle package.

Repository
https://packagist.org/packages/contao/core-bundle
Critical 4
High 5
Medium 8
Type Version Distribution # CVEs # Advisory ID Title Severity Published
Affected >= 4.0.0, < 4.4.1 CVE-2017-10993
composer PHP:CONTAO-CORE-BUNDLE-2017-10993 A logged in back end user can include arbitrary existing PHP files by manipulating a URL parameter high 2017-07-12T09:09:38
(7 years ago)
Affected >= 4.0.0, < 4.4.8 CVE-2017-16558
composer PHP:CONTAO-CORE-BUNDLE-2017-16558 SQL injection vulnerability in the back end search filter critical 2017-11-15T08:51:00
(6 years ago)
Affected >= 4.5.0, < 4.5.8 >= 4.0.0, < 4.4.18 CVE-2018-10125
composer PHP:CONTAO-CORE-BUNDLE-2018-10125 Cross-site scripting (XSS) vulnerability in the system log of the back end medium 2018-04-18T09:29:00
(6 years ago)
Affected >= 4.6.0, < 4.7.0 >= 4.7.0, < 4.7.3 >= 4.0.0, < 4.4.37 >= 4.5.0, < 4.6.0 CVE-2019-10641
composer PHP:CONTAO-CORE-BUNDLE-2019-10641 Existing sessions are not correctly invalidated when a user changes their password critical 2019-04-09T12:21:00
(5 years ago)
Affected >= 4.7.0, < 4.7.3 CVE-2019-10642
composer PHP:CONTAO-CORE-BUNDLE-2019-10642 The CSRF token check can be bypassed high 2019-04-09T12:21:00
(5 years ago)
Affected >= 4.7.0, < 4.7.3 CVE-2019-10643
composer PHP:CONTAO-CORE-BUNDLE-2019-10643 Confirming an opt-in token does not invalidate previous opt-in tokens critical 2019-04-09T12:21:00
(5 years ago)
Affected >= 4.7.0, < 4.7.5 >= 4.6.0, < 4.7.0 >= 4.1.0, < 4.4.39 >= 4.5.0, < 4.6.0 CVE-2019-11512
composer PHP:CONTAO-CORE-BUNDLE-2019-11512 SQL injection vulnerability in the file manager search filter critical 2019-04-30T09:20:00
(5 years ago)
Affected >= 4.8.0, < 4.8.6 >= 4.7.0, < 4.8.0 >= 4.6.0, < 4.7.0 >= 4.5.0, < 4.6.0 >= 4.0.0, < 4.4.46 CVE-2019-19712
composer PHP:CONTAO-CORE-BUNDLE-2019-19712 Information disclosure in the back end medium 2019-12-17T11:43:00
(4 years ago)
Affected >= 4.8.4, < 4.8.6 CVE-2019-19714
composer PHP:CONTAO-CORE-BUNDLE-2019-19714 Insert tag injection in the login module medium 2019-12-17T11:43:00
(4 years ago)
Affected >= 4.5.0, < 4.6.0 >= 4.0.0, < 4.4.46 >= 4.6.0, < 4.7.0 >= 4.7.0, < 4.8.0 >= 4.8.0, < 4.8.6 CVE-2019-19745
composer PHP:CONTAO-CORE-BUNDLE-2019-19745 Unrestricted file uploads high 2019-12-17T10:32:00
(4 years ago)
Affected >= 4.9.0, < 4.9.6 >= 4.0.0, < 4.4.52 >= 4.5.0, < 4.6.0 >= 4.10.0, < 4.10.1 >= 4.8.0, < 4.9.0 >= 4.6.0, < 4.7.0 >= 4.7.0, < 4.8.0 CVE-2020-25768
composer PHP:CONTAO-CORE-BUNDLE-2020-25768 Insert tag injection in front end forms medium 2020-09-24T11:38:00
(4 years ago)
Affected >= 4.5.0, < 4.9.16 >= 4.10.0, < 4.11.0 >= 4.11.0, < 4.11.5 CVE-2021-35210
composer PHP:CONTAO-CORE-BUNDLE-2021-35210 Cross-site scripting (XSS) vulnerability in the system log medium 2021-06-23T10:08:00
(3 years ago)
Affected >= 4.6.0, < 4.7.0 >= 4.11.0, < 4.11.7 >= 4.10.0, < 4.11.0 >= 4.7.0, < 4.8.0 >= 4.8.0, < 4.9.0 >= 4.5.0, < 4.6.0 >= 4.0.0, < 4.4.56 >= 4.9.0, < 4.9.18 CVE-2021-35955
composer PHP:CONTAO-CORE-BUNDLE-2021-35955 Cross site scripting via HTML attributes in the back end medium 2021-08-11T10:32:20
(3 years ago)
Affected >= 4.6.0, < 4.7.0 >= 4.10.0, < 4.11.0 >= 4.11.0, < 4.11.7 >= 4.7.0, < 4.8.0 >= 4.8.0, < 4.9.0 >= 4.0.0, < 4.4.56 >= 4.5.0, < 4.6.0 >= 4.9.0, < 4.9.18 CVE-2021-37626
composer PHP:CONTAO-CORE-BUNDLE-2021-37626 PHP file inclusion via insert tags high 2021-08-11T10:32:20
(3 years ago)
Affected >= 4.6.0, < 4.7.0 >= 4.11.0, < 4.11.7 >= 4.10.0, < 4.11.0 >= 4.7.0, < 4.8.0 >= 4.8.0, < 4.9.0 >= 4.5.0, < 4.6.0 >= 4.0.0, < 4.4.56 >= 4.9.0, < 4.9.18 CVE-2021-37627
composer PHP:CONTAO-CORE-BUNDLE-2021-37627 Privilege escalation with the form generator high 2021-08-11T10:32:20
(3 years ago)
Affected >= 4.13.0, < 4.13.3 CVE-2022-24899
composer PHP:CONTAO-CORE-BUNDLE-2022-24899 Cross site scripting via canonical URL medium 2022-05-05T06:38:47
(2 years ago)
Affected >= 4.9.0, < 4.9.40 >= 4.13.0, < 4.13.21 >= 5.1.0, < 5.1.4 CVE-2023-29200
composer PHP:CONTAO-CORE-BUNDLE-2023-29200 Directory traversal vulnerability in the file manager medium 2023-04-25T09:21:47
(17 months ago)