Contao

Contao is an open source content management system (CMS) for people who want a professional internet presence that is easy to maintain. The state-of-the-art structure of the system offers a high security standard and allows you to develop search-engine-friendly websites that are also accessible to people with disabilities. Furthermore, the system can be expanded flexibly and inexpensively.

Severity Summary:

Critical: 5 High: 8 Medium: 21
| Reference | Title | Severity |
| --- | --- | --- |
|  | Contao Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability | Critical |
|  | Contao Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability | Critical |
|  | Contao Key Management Errors Vulnerability | Critical |
|  | Contao Deserialization of Untrusted Data Vulnerability | Critical |
|  | Contao Weak Password Recovery Mechanism for Forgotten Password Vulnerability | Critical |
|  | Contao Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability | High |
|  | Contao Improper Control of Generation of Code (Code Injection) Vulnerability | High |
|  | Contao Unrestricted Upload of File with Dangerous Type Vulnerability | High |
|  | Contao Unrestricted Upload of File with Dangerous Type Vulnerability | High |
|  | Contao Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability | High |
|  | Contao Insufficient Session Expiration Vulnerability | High |
|  | Contao Cross-Site Request Forgery (CSRF) Vulnerability | High |
|  | Contao Improper Privilege Management Vulnerability | High |
|  | Contao Vulnerability | Medium |
|  | Contao Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability | Medium |
|  | Contao Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability | Medium |
|  | Contao Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability | Medium |
|  | Contao Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability | Medium |
|  | Contao Vulnerability | Medium |
|  | Contao Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability | Medium |
|  | Contao Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability | Medium |
|  | Contao Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability | Medium |
|  | Contao Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability | Medium |
|  | Contao Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability | Medium |
|  | Contao Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability | Medium |
|  | Contao Improper Input Validation Vulnerability | Medium |
|  | Contao Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability | Medium |
|  | Contao Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability | Medium |
|  | Contao Cross-Site Request Forgery (CSRF) Vulnerability | Medium |
|  | Contao Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability | Medium |