CVE-2019-19745: Unrestricted Upload of File with Dangerous Type

December 17, 2019 (updated December 18, 2019)

Contao allows PHP local file inclusion. A back end user with access to the form generator can upload arbitrary files and execute them on the server.

References

contao.org/en/news.html
contao.org/en/security-advisories/unrestricted-file-uploads.html
nvd.nist.gov/vuln/detail/CVE-2019-19745

Detect and mitigate CVE-2019-19745 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →