Contao news

Read the official Contao announcements.

Security vulnerability CVE-2019-11512


David Wind, penetration tester with A1 Digital, has discovered that the SQL injection vulnerability originally published under CVE-2017-16558 can still be exploited in the file manager in Contao 4. The security vulnerability has the identifier CVE-2019-11512.

The problem affects all Contao versions as of Contao 4.1 and has been fixed in Contao 4.4.39 and Contao 4.7.5.

Back to news overview.


Add a comment

Please calculate 9 plus 7.