Vulnerability Database
296,137
Total vulnerabilities in the database
contao/core PHP object injection vulnerability allows for arbitrary code execution
PHP object injection vulnerability was identified in contao/core due to untrusted data being passed to deserialize() function.
| Software | From | Fixed in |
|---|---|---|
contao / core
|
2.0.0 | 2.11.14 |
|
contao / core
|
3.0.0 | 3.2.5 |
- https://contao.org/en/news/major-security-hole-found-in-contao.html
- https://github.com/contao/core/commit/d67c46c1f1283134e3050244cfdda0ef26fa5cd4
- https://github.com/contao/core/commit/f939b5be8a0048ef779def3289e2072febef1b37
- https://github.com/contao/core/issues/6695
- https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/2014-02-13.yaml