PT-2024-31602 · Contao · Contao
Usdresponsibledisclosure
Published 2024-09-17 · Updated 2024-09-25 · CVE-2024-45398
CVSS v4.0: 8.7 (High)
CVSS v4.0 vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions:
Contao versions prior to 4.13.49
Contao versions prior to 5.3.15
Contao versions prior to 5.4.3
Description:
Contao is an Open Source CMS. In affected versions, a back end user with access to the file manager can upload malicious files and execute them on the server. Users are advised to update to mitigate the risk of remote attacks.
Recommendations:
Update to Contao 4.13.49, 5.3.15 or 5.4.3 (whichever matches your release line) to resolve the issue.
As a temporary workaround, consider configuring your web server so it does not execute PHP files and other scripts in the Contao file upload directory.
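The workaround above as an added configuration example (not from the advisory or the Contao project), written for nginx with PHP-FPM; it assumes Contao's default upload directory is served at `/files/` directly under the document root:

```nginx
# Added example, not part of the advisory or of Contao itself.
# Assumption: uploads live in "files/" under the document root.
#
# The "^~" prefix match wins over every regex location at this level,
# so the usual "location ~ \.php$ { fastcgi_pass ... }" handler is
# never consulted for anything under /files/. Nothing in this block
# hands a request to PHP-FPM, so even double extensions such as
# "x.php.jpg" are only ever served as static bytes, never executed.
location ^~ /files/ {
    # Refuse to serve script files at all, rather than leaking their
    # source as plain text.
    location ~* \.(php|phtml|phar|pht|phps)$ {
        return 403;
    }
    # Everything else is a static download.
    try_files $uri =404;
}
```

After reloading nginx, verify the block from the defender's side by placing a harmless `probe.php` containing only `<?php echo "x";` in the upload directory and confirming that requesting it returns 403 instead of the string `x`; remove the probe afterwards.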
Weakness Enumeration: Unrestricted File Upload
Affected Products: Contao