New security hole found in Contao

This afternoon, a new security hole has been found in Contao and unfortunately, it has been published right away instead of giving us a heads up and time to release a patch.

For that reason, we strongly recommend all Contao users to completely delete the contao/install.php file or to apply CHMOD 000 to disable it as soon as possible, until we can release new program versions. The vulnerability is critical and allows to execute arbitrary code on the server.

For security reasons, we only release further information upon request.