contao/contao Security Advisories for 4.4.44 (6)
-
[HIGH] Privilege escalation with the form generator
PKSA-vfyp-1pdz-qxfn CVE-2021-37627 GHSA-hq5m-mqmx-fw6m
Affected version: >=4.0.0,<4.4.56|>=4.5.0,<4.6.0|>=4.6.0,<4.7.0|>=4.7.0,<4.8.0|>=4.8.0,<4.9.0|>=4.9.0,<4.9.18|>=4.10.0,<4.11.0|>=4.11.0,<4.11.7
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[MEDIUM] PHP file inclusion via insert tags
PKSA-33hj-wh6g-5wzq CVE-2021-37626 GHSA-r6mv-ppjc-4hgr
Affected version: >=4.0.0,<4.4.56|>=4.5.0,<4.6.0|>=4.6.0,<4.7.0|>=4.7.0,<4.8.0|>=4.8.0,<4.9.0|>=4.9.0,<4.9.18|>=4.10.0,<4.11.0|>=4.11.0,<4.11.7
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[MEDIUM] Cross site scripting via HTML attributes in the back end
PKSA-rc7z-49pc-5drp CVE-2021-35955 GHSA-hr3h-x6gq-rqcp
Affected version: >=4.0.0,<4.4.56|>=4.5.0,<4.6.0|>=4.6.0,<4.7.0|>=4.7.0,<4.8.0|>=4.8.0,<4.9.0|>=4.9.0,<4.9.18|>=4.10.0,<4.11.0|>=4.11.0,<4.11.7
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[MEDIUM] Insert tag injection in front end forms
PKSA-1cjk-ccfw-jwsc CVE-2020-25768 GHSA-f7wm-x4gw-6m23
Affected version: >=4.0.0,<4.4.52|>=4.5.0,<4.6.0|>=4.6.0,<4.7.0|>=4.7.0,<4.8.0|>=4.8.0,<4.9.0|>=4.9.0,<4.9.6|>=4.10.0,<4.10.1
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[HIGH] Unrestricted file uploads
PKSA-7m3q-k7b1-ks8c CVE-2019-19745 GHSA-wjx8-cgrm-hh8p
Affected version: >=4.0.0,<4.4.46|>=4.5.0,<4.6.0|>=4.6.0,<4.7.0|>=4.7.0,<4.8.0|>=4.8.0,<4.8.6
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[MEDIUM] Information disclosure in the back end
PKSA-s9yr-nm3n-mqqp CVE-2019-19712 GHSA-4mvc-qc5w-v5qr
Affected version: >=4.0.0,<4.4.46|>=4.5.0,<4.6.0|>=4.6.0,<4.7.0|>=4.7.0,<4.8.0|>=4.8.0,<4.8.6
Reported by:
FriendsOfPHP/security-advisories, GitHub