Leo Feyer

Name of the Vulnerable Software and Affected Versions: Contao versions 5.0.0 through 5.3.37 Contao versions 5.6.0 through 5.6.0 Description: The table access voter in the back end does not verify if a user has permission to access the corresponding module. As a workaround, do not solely rely on the voter and additionally check `USER CAN ACCESS MODULE`. Recommendations: Update to Contao version 5.3.38. Update to Contao version 5.6.1. As a workaround, do not rely solely on the voter and additionally check `USER CAN ACCESS MODULE`.

**Name of the Vulnerable Software and Affected Versions** Contao versions 4.4.0 through 4.4.51 Contao versions 4.9.0 through 4.9.5 Contao versions 4.10.0 through 4.10.0 **Description** The issue is related to Improper Input Validation, allowing the injection of insert tags in front end forms. These tags will be replaced when the page is rendered. **Recommendations** Update to Contao version 4.4.52. Update to Contao version 4.9.6. Update to Contao version 4.10.1. As a temporary workaround, consider disabling the front end login form. Avoid using form fields with array keys such as `fieldname[]` until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Contao versions prior to 4.5.7 Description: The issue is related to Cross-Site Scripting (XSS) in the system log. XSS is a type of security vulnerability that allows an attacker to inject malicious scripts into a website, potentially leading to unauthorized access or control. Recommendations: For versions prior to 4.5.7, update to version 4.5.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the system log to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Contao versions 4.0 through 4.8.5 **Description** The issue allows back end users to manipulate the details view URL, enabling them to show pages and articles that have not been enabled for them. **Recommendations** For Contao versions 4.0 through 4.8.5, update to Contao 4.4.46 or 4.8.6.

**Name of the Vulnerable Software and Affected Versions** Contao versions 4.8.4 through 4.8.5 **Description** The issue concerns improper encoding or escaping of output, allowing the injection of insert tags into the login module. These tags are replaced when the page is rendered. **Recommendations** For Contao versions 4.8.4 and 4.8.5, update to Contao 4.8.6 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Contao versions 4.0 through 4.8.5 **Description** The issue allows a back end user with access to the form generator to upload arbitrary files and execute them on the server, enabling PHP local file inclusion. This can be exploited by a user with access to the form generator. **Recommendations** Update to Contao 4.4.46 or 4.8.6. As a temporary workaround, configure your web server so it does not execute PHP files and other scripts in the Contao file upload directory.

**Name of the Vulnerable Software and Affected Versions** Contao versions 3.0.0 through 3.5.30 Contao versions 4.0.0 through 4.4.7 **Description** The issue is an SQL injection vulnerability that affects both the back end and the listing module. **Recommendations** For Contao versions 3.0.0 through 3.5.30, update to a version that contains a fix for this issue. For Contao versions 4.0.0 through 4.4.7, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the listing module and the back end to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Contao versions 3.x through 3.5.36 Contao versions 4.4.x through 4.4.30 Contao versions 4.6.x through 4.6.10 **Description** The issue is related to Incorrect Access Control, which can potentially allow unauthorized access to certain resources or functionality. **Recommendations** For Contao versions 3.x through 3.5.36, update to version 3.5.37 or later. For Contao versions 4.4.x through 4.4.30, update to version 4.4.31 or later. For Contao versions 4.6.x through 4.6.10, update to version 4.6.11 or later.

**Name of the Vulnerable Software and Affected Versions** Contao versions prior to 3.5.28 Contao versions 4.x prior to 4.4.1 **Description** The issue allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL. This can be exploited by a logged-in back-end user who manipulates a URL parameter to include arbitrary PHP files. The attack is limited to existing PHP files on the server, as Contao does not allow uploading PHP files through its file manager. **Recommendations** For Contao versions prior to 3.5.28, update to version 3.5.28 or later. For Contao versions 4.x prior to 4.4.1, update to version 4.4.1 or later. As a temporary workaround, consider restricting access to sensitive PHP files and limiting the ability of back-end users to manipulate URL parameters until a patch is applied.