CVE-2021-37626: Code Injection

August 11, 2021 (updated August 20, 2021)

Contao is an open source CMS that allows you to create websites and scalable web applications.Update to Contao to resolve. If you cannot update then disable the login for untrusted back end users.

References

contao.org/en/security-advisories/php-file-inclusion-via-insert-tags.html
nvd.nist.gov/vuln/detail/CVE-2021-37626

Detect and mitigate CVE-2021-37626 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →