PT-2022-17751 · Contao · Contao Managed Edition

Published: 2022-03-18 · Updated: 2023-08-08 · CVE-2022-26265

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Contao Managed Edition version 1.5.0

Description: A remote command execution issue was discovered, allowing for potential exploitation via the php cli parameter. This could lead to unauthorized execution of commands.

Recommendations: For Contao Managed Edition version 1.5.0, consider disabling the php cli parameter as a temporary workaround until a patch is available. Restrict access to the component utilizing the php cli parameter to minimize the risk of exploitation.

Exploit

Fix

RCE

OS Command Injection

Command Injection

Weakness Enumeration

Related Identifiers

CVE-2022-26265
GHSA-RGGC-4G3R-J7FF

Affected Products

Contao Managed Edition