GHSA-wjx8-cgrm-hh8p, CVE-2019-19745
packagist/contao/contao
Unrestricted Upload of File with Dangerous Type
Contao 4.0 through 4.8.5 allows PHP local file inclusion. A back end user with access to the form generator can upload arbitrary files and execute them on the server.
All versions starting from 4.0.0 before 4.4.46, all versions starting from 4.5.0 before 4.8.6
Upgrade to versions 4.4.46, 4.8.6 or above.
2024-02-05
source |