contao/core Security Advisories for 2.6.3 (4)
-
[HIGH] Contao core SQL Injection Vulnerability
PKSA-862k-1hnv-s9dk CVE-2012-4383 GHSA-9jq2-jvwc-p52f
Affected version: <2.11.4
Reported by:
GitHub -
[MEDIUM] A directory traversal vulnerability allows back end users to view files outside their document root
PKSA-mygf-dtyk-5jmz CVE-2015-0269 GHSA-4r6g-xhx7-fm36
Affected version: >=2.0.0,<3.0.0|>=3.0.0,<3.4.4
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[CRITICAL] Insufficient input validation allows for code injection and remote execution
PKSA-r8p4-983n-brfy GHSA-wxxw-5gq6-j2g5
Affected version: >=2.0.0,<2.11.17|>=3.0.0,<3.2.9
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[HIGH] PHP object injection vulnerability allows for arbitrary code execution
PKSA-kg5m-pjr6-ystg GHSA-wq43-8r5p-w3mc
Affected version: >=2.0.0,<2.11.16|>=3.0.0,<3.2.7
Reported by:
FriendsOfPHP/security-advisories, GitHub