Security advisories
Here you will find a list of vulnerabilities that have already been found and fixed in Contao. If you think that you have found a security issue in Contao, please report it according to our security policy.
Invalidating opt-in tokens
by Leo Feyer
Date: 2019-04-09
CVE ID: CVE-2019-10643
Description
Security researcher Ali Razzaq has discovered that confirming an opt-in token does not invalidate previous opt-in tokens in Contao 4.7.
Affected versions
Contao 4.7 up to 4.7.2
Suggested solution
Update to Contao 4.7.3.