Read the official Contao announcements.
New security hole found in Contao
by Leo Feyer
This afternoon, a new security hole has been found in Contao and unfortunately, it has been published right away instead of giving us a heads up and time to release a patch.
For that reason, we strongly recommend all Contao users to completely delete the
contao/install.php file or to apply
CHMOD 000 to disable it as soon as possible, until we can release new program versions. The vulnerability is critical and allows to execute arbitrary code on the server.
For security reasons, we only release further information upon request.
Back to the news overview.