CVE-2018-20028: Contao Information Disclosure via Access Control Flaws

May 13, 2022 (updated April 25, 2024)

Contao 3.x before 3.5.37, 4.4.x before 4.4.31 and 4.6.x before 4.6.11 has Incorrect Access Control.

References

contao.org/en/news/security-vulnerability-cve-2018-20028.html
github.com/advisories/GHSA-q99w-j4mj-7hj8
github.com/contao/contao/commit/bbe5fe1d385cd1195670e2d6b972272133443c59
nvd.nist.gov/vuln/detail/CVE-2018-20028

Detect and mitigate CVE-2018-20028 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →