Security advisories

Here you will find a list of vulnerabilities that have already been found and fixed in Contao.

Date: 2015-02-12
CVE ID: CVE-2015-0269

Back end users can list files outside their file mounts or the document root. The problem affects all Contao versions and has been fixed in Contao 3.4.4.

Security policy

If you think that you have found a se­cu­ri­ty is­sue in Con­tao, please re­port it ac­cor­ding to our se­cu­ri­ty poli­cy.