Vulnerability Database

296,138

Total vulnerabilities in the database

CVE-2019-19745

Contao 4.0 through 4.8.5 allows PHP local file inclusion. A back end user with access to the form generator can upload arbitrary files and execute them on the server.

CVSS v3:

  • Severity: High
  • Score: 8.8
  • AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: Medium
  • Score: 6.5
  • AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

Software From Fixed in
contao / contao 4.7 4.7.x
contao / contao 4.8 4.8.5.x
contao / contao 4.5 4.5.x
contao / contao 4.6 4.6.x
contao / contao 4.4 4.4.45.x
contao / contao 4.0 4.0.x
contao / contao 4.1 4.1.x
contao / contao 4.2 4.2.x
contao / contao 4.3 4.3.x
Composer icon contao / core-bundle 4.0.0 4.4.46
Composer icon contao / core-bundle 4.5.0 4.8.6