Security advisories

Here you will find a list of vulnerabilities that have already been found and fixed in Contao.

Invalidating opt-in tokens

Date: 2019-04-09
CVE ID: CVE-2019-10643


Security researcher Ali Razzaq has discovered that confirming an opt-in token does not invalidate previous opt-in tokens in Contao 4.7.

Affected versions

Contao 4.7 up to 4.7.2

Suggested solution

Update to Contao 4.7.3.

Back to the overview.

Security policy

If you think that you have found a se­cu­ri­ty is­sue in Con­tao, please re­port it ac­cor­ding to our se­cu­ri­ty poli­cy.