PT-2024-40514 · Contao · Contao/Core

Published: 2024-05-15 · Updated: 2024-05-15

CVSS v3.1: 9.0 (Critical)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: contao/core versions 2.x prior to 2.11.17; contao/core versions 3.x prior to 3.2.9

Description: The vulnerability allows arbitrary code execution on the server due to insufficient input validation. An attacker can exploit it by requesting a specially crafted URL, which allows them to delete or modify pathconfig.php. This can render the Contao installation inaccessible or allow malicious code to be executed.

Recommendations: For contao/core versions 2.x prior to 2.11.17, update to version 2.11.17 or later. For contao/core versions 3.x prior to 3.2.9, update to version 3.2.9 or later.

Fix

Related Identifiers

GHSA-WXXW-5GQ6-J2G5

Affected Products

Contao/Core