Here you will find a list of vulnerabilities that have already been found and fixed in Contao. If you think that you have found a security issue in Contao, please report it according to our security policy.
Bypassing the request token check
by Leo Feyer
CVE ID: CVE-2019-10642
Security researcher Ali Razzaq has discovered that the request token check can be bypassed in Contao 4.7.
Affected versions: Contao 4.7 up to 4.7.2
Update to Contao 4.7.3.