CVE-2019-19745

Unrestricted Upload of File with Dangerous Type in packagist/contao/contao

Identifiers

GHSA-wjx8-cgrm-hh8p, CVE-2019-19745

Package Slug

packagist/contao/contao

Vulnerability

Unrestricted Upload of File with Dangerous Type

Description

Contao 4.0 through 4.8.5 allows PHP local file inclusion. A back end user with access to the form generator can upload arbitrary files and execute them on the server.

Affected Versions

All versions starting from 4.0.0 before 4.4.46, all versions starting from 4.5.0 before 4.8.6

Solution

Upgrade to versions 4.4.46, 4.8.6 or above.

Last Modified

2024-02-05
