contao/contao Security Advisories for 5.4.12 (4)
- [MEDIUM] Contao does not properly manage privileges for page and article fields
  PKSA-1kdh-bqbn-7nqb CVE-2025-57759 GHSA-qqfq-7cpp-hcqj
  Affected version: >=5.4.0-RC1,<5.6.1|>=5.3.0,<5.3.38
  Reported by: GitHub
- [MEDIUM] Contao can disclose sensitive information in the news module
  PKSA-kh11-db67-t9zk CVE-2025-57757 GHSA-w53m-gxvg-vx7p
  Affected version: >=5.4.0-RC1,<5.6.1|>=5.0.0-RC1,<5.3.38
  Reported by: GitHub
- [MEDIUM] Contao discloses sensitive information in the front end search index
  PKSA-34p6-239r-z7w2 CVE-2025-57756 GHSA-2xmj-8wmq-7475
  Affected version: >=5.4.0-RC1,<5.6.1|>=5.0.0-RC1,<5.3.38|>=4.9.14,<4.13.56
  Reported by: GitHub
- [MEDIUM] Contao applies improper access control in the back end voters
  PKSA-ptp8-kf5w-97c9 CVE-2025-57758 GHSA-7m47-r75r-cx8v
  Affected version: >=5.4.0-RC1,<5.6.1|>=5.0.0,<5.3.38
  Reported by: GitHub