CVE-2024-45398: Contao affected by remote command execution through file upload
Back end users with access to the file manager can upload malicious files and execute them on the server.
References
- contao.org/en/security-advisories/remote-command-execution-through-file-uploads
- github.com/advisories/GHSA-vm6r-j788-hjh5
- github.com/contao/contao
- github.com/contao/contao/commit/9445d509f12a7f1b68a4794dcc5e3e459b363ebb
- github.com/contao/contao/commit/a7e39f96ac8fdc281f7caaa96e01deb0e24ac7d3
- github.com/contao/contao/commit/f3db59ffe5a6c0e1f705b3230ebd5ff16865280e
- github.com/contao/contao/security/advisories/GHSA-vm6r-j788-hjh5
- nvd.nist.gov/vuln/detail/CVE-2024-45398