Security advisories
Here you will find a list of vulnerabilities that have already been found and fixed in Contao. If you think that you have found a security issue in Contao, please report it according to our security policy.
SQL injection in the file manager
Date: 2019-04-30
CVE ID: CVE-2019-11512
Description
David Wind, penetration tester with A1 Digital, has discovered that the SQL injection vulnerability originally published under CVE-2017-16558 can still be exploited in the file manager in Contao 4. The security vulnerability has the identifier CVE-2019-11512.
Affected versions
Contao 4.1
Contao 4.2
Contao 4.3
Contao 4.4 up to 4.4.38
Contao 4.5
Contao 4.6
Contao 4.7 up to 4.7.4
Suggested solution
Update to Contao 4.4.39 or 4.7.5.