Vulnerability Database

296,137

Total vulnerabilities in the database

CVE-2024-45604

Contao is an Open Source CMS. In affected versions authenticated users in the back end can list files outside the document root in the file selector widget. Users are advised to update to Contao 4.13.49. There are no known workarounds for this vulnerability.

  • Published: Sep 17, 2024
  • Updated: May 4, 2025
  • CVE: CVE-2024-45604
  • Severity: Low
  • Exploit:

CVSS v3:

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
contao / contao - 4.13.49