Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium

CMS

Contao

Contao is an open source content management system (CMS) for people who want a professional internet presence that is easy to maintain. The state-of-the-art structure of the system offers a high security standard and allows you to develop search engine friendly websites that are also accessible for people with disabilities. Furthermore the system can be expanded flexibly and inexpensively.

Official Site:

https://contao.org/en/

Severity Summary:

Critical: 5 High: 8 Medium: 21
Reference
Title
Severity
CVE-2019-11512
Contao Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Critical
CVE-2017-16558
Contao Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Critical
CVE-2019-10643
Contao Key Management Errors Vulnerability
Critical
CVE-2014-1860
Contao Deserialization of Untrusted Data Vulnerability
Critical
CVE-2019-10641
Contao Weak Password Recovery Mechanism for Forgotten Password Vulnerability
Critical
CVE-2012-4383
Contao Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2021-37626
Contao Improper Control of Generation of Code (Code Injection) Vulnerability
High
CVE-2019-19745
Contao Unrestricted Upload of File with Dangerous Type Vulnerability
High
CVE-2024-45398
Contao Unrestricted Upload of File with Dangerous Type Vulnerability
High
CVE-2017-10993
Contao Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
High
CVE-2024-30262
Contao Insufficient Session Expiration Vulnerability
High
CVE-2019-10642
Contao Cross-Site Request Forgery (CSRF) Vulnerability
High
CVE-2021-37627
Contao Improper Privilege Management Vulnerability
High
CVE-2024-28234
Contao Vulnerability
Medium
CVE-2024-28190
Contao Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2024-45604
Contao Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Medium
CVE-2024-45612
Contao Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
Medium
CVE-2018-5478
Contao Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2024-28235
Contao Vulnerability
Medium
CVE-2023-36806
Contao Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2023-29200
Contao Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Medium
CVE-2018-10125
Contao Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2022-24899
Contao Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2021-35955
Contao Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2021-35210
Contao Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-25768
Contao Improper Input Validation Vulnerability
Medium
CVE-2011-0508
Contao Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2011-4335
Contao Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2012-1297
Contao Cross-Site Request Forgery (CSRF) Vulnerability
Medium
CVE-2015-0269
Contao Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Medium