PT-2019-11958 · Contao · Contao

Ali Razzaq · Published 2019-04-17 · Updated 2022-05-14

CVE-2019-10642

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Contao version 4.7

Description: The issue allows for a CSRF attack. Security researcher Ali Razzaq has discovered that the request token check can be bypassed.

Recommendations: For Contao version 4.7, as a temporary workaround, consider implementing additional CSRF protection measures until a patch is available. Restrict access to sensitive operations to minimize the risk of exploitation.

Exploit

Fix

CSRF


Weakness Enumeration

Related Identifiers

CVE-2019-10642
GHSA-HWMH-9JJ9-8C9C

Affected Products

Contao