pkg:composer/contao/core-bundle
Type: composer
Namespace: contao
Name: core-bundle
Known advisories, vulnerabilities and fixes for core-bundle package.
Critical: 4
High: 5
Medium: 8
Type | Version | Distribution | CVEs | Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | >= 4.0.0, < 4.4.1 | | CVE-2017-10993 | PHP:CONTAO-CORE-BUNDLE-2017-10993 | A logged in back end user can include arbitrary existing PHP files by manipulating a URL parameter | high | 2017-07-12T09:09:38 (7 years ago) |
Affected | >= 4.0.0, < 4.4.8 | | CVE-2017-16558 | PHP:CONTAO-CORE-BUNDLE-2017-16558 | SQL injection vulnerability in the back end search filter | critical | 2017-11-15T08:51:00 (6 years ago) |
Affected | >= 4.5.0, < 4.5.8; >= 4.0.0, < 4.4.18 | | CVE-2018-10125 | PHP:CONTAO-CORE-BUNDLE-2018-10125 | Cross-site scripting (XSS) vulnerability in the system log of the back end | medium | 2018-04-18T09:29:00 (6 years ago) |
Affected | >= 4.6.0, < 4.7.0; >= 4.7.0, < 4.7.3; >= 4.0.0, < 4.4.37; >= 4.5.0, < 4.6.0 | | CVE-2019-10641 | PHP:CONTAO-CORE-BUNDLE-2019-10641 | Existing sessions are not correctly invalidated when a user changes their password | critical | 2019-04-09T12:21:00 (5 years ago) |
Affected | >= 4.7.0, < 4.7.3 | | CVE-2019-10642 | PHP:CONTAO-CORE-BUNDLE-2019-10642 | The CSRF token check can be bypassed | high | 2019-04-09T12:21:00 (5 years ago) |
Affected | >= 4.7.0, < 4.7.3 | | CVE-2019-10643 | PHP:CONTAO-CORE-BUNDLE-2019-10643 | Confirming an opt-in token does not invalidate previous opt-in tokens | critical | 2019-04-09T12:21:00 (5 years ago) |
Affected | >= 4.7.0, < 4.7.5; >= 4.6.0, < 4.7.0; >= 4.1.0, < 4.4.39; >= 4.5.0, < 4.6.0 | | CVE-2019-11512 | PHP:CONTAO-CORE-BUNDLE-2019-11512 | SQL injection vulnerability in the file manager search filter | critical | 2019-04-30T09:20:00 (5 years ago) |
Affected | >= 4.8.0, < 4.8.6; >= 4.7.0, < 4.8.0; >= 4.6.0, < 4.7.0; >= 4.5.0, < 4.6.0; >= 4.0.0, < 4.4.46 | | CVE-2019-19712 | PHP:CONTAO-CORE-BUNDLE-2019-19712 | Information disclosure in the back end | medium | 2019-12-17T11:43:00 (4 years ago) |
Affected | >= 4.8.4, < 4.8.6 | | CVE-2019-19714 | PHP:CONTAO-CORE-BUNDLE-2019-19714 | Insert tag injection in the login module | medium | 2019-12-17T11:43:00 (4 years ago) |
Affected | >= 4.5.0, < 4.6.0; >= 4.0.0, < 4.4.46; >= 4.6.0, < 4.7.0; >= 4.7.0, < 4.8.0; >= 4.8.0, < 4.8.6 | | CVE-2019-19745 | PHP:CONTAO-CORE-BUNDLE-2019-19745 | Unrestricted file uploads | high | 2019-12-17T10:32:00 (4 years ago) |
Affected | >= 4.9.0, < 4.9.6; >= 4.0.0, < 4.4.52; >= 4.5.0, < 4.6.0; >= 4.10.0, < 4.10.1; >= 4.8.0, < 4.9.0; >= 4.6.0, < 4.7.0; >= 4.7.0, < 4.8.0 | | CVE-2020-25768 | PHP:CONTAO-CORE-BUNDLE-2020-25768 | Insert tag injection in front end forms | medium | 2020-09-24T11:38:00 (4 years ago) |
Affected | >= 4.5.0, < 4.9.16; >= 4.10.0, < 4.11.0; >= 4.11.0, < 4.11.5 | | CVE-2021-35210 | PHP:CONTAO-CORE-BUNDLE-2021-35210 | Cross-site scripting (XSS) vulnerability in the system log | medium | 2021-06-23T10:08:00 (3 years ago) |
Affected | >= 4.6.0, < 4.7.0; >= 4.11.0, < 4.11.7; >= 4.10.0, < 4.11.0; >= 4.7.0, < 4.8.0; >= 4.8.0, < 4.9.0; >= 4.5.0, < 4.6.0; >= 4.0.0, < 4.4.56; >= 4.9.0, < 4.9.18 | | CVE-2021-35955 | PHP:CONTAO-CORE-BUNDLE-2021-35955 | Cross site scripting via HTML attributes in the back end | medium | 2021-08-11T10:32:20 (3 years ago) |
Affected | >= 4.6.0, < 4.7.0; >= 4.10.0, < 4.11.0; >= 4.11.0, < 4.11.7; >= 4.7.0, < 4.8.0; >= 4.8.0, < 4.9.0; >= 4.0.0, < 4.4.56; >= 4.5.0, < 4.6.0; >= 4.9.0, < 4.9.18 | | CVE-2021-37626 | PHP:CONTAO-CORE-BUNDLE-2021-37626 | PHP file inclusion via insert tags | high | 2021-08-11T10:32:20 (3 years ago) |
Affected | >= 4.6.0, < 4.7.0; >= 4.11.0, < 4.11.7; >= 4.10.0, < 4.11.0; >= 4.7.0, < 4.8.0; >= 4.8.0, < 4.9.0; >= 4.5.0, < 4.6.0; >= 4.0.0, < 4.4.56; >= 4.9.0, < 4.9.18 | | CVE-2021-37627 | PHP:CONTAO-CORE-BUNDLE-2021-37627 | Privilege escalation with the form generator | high | 2021-08-11T10:32:20 (3 years ago) |
Affected | >= 4.13.0, < 4.13.3 | | CVE-2022-24899 | PHP:CONTAO-CORE-BUNDLE-2022-24899 | Cross site scripting via canonical URL | medium | 2022-05-05T06:38:47 (2 years ago) |
Affected | >= 4.9.0, < 4.9.40; >= 4.13.0, < 4.13.21; >= 5.1.0, < 5.1.4 | | CVE-2023-29200 | PHP:CONTAO-CORE-BUNDLE-2023-29200 | Directory traversal vulnerability in the file manager | medium | 2023-04-25T09:21:47 (17 months ago) |