Improper Neutralization of Special Elements used in a Command ('Command Injection')
Contao Managed Edition v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the component php_cli parameter.
Advisories for Composer/Contao/Managed-Edition package
2022