Package impact

Packagist / contao/contao

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Published	Description	Impact
CVE-2017-10993	high	8.8	8.8	9y ago	Contao Core directory traversal vulnerability
CVE-2025-57759	unknown	—	—	9mo ago	Contao does not properly manage privileges for page and article fields
CVE-2025-57757	unknown	—	—	9mo ago	Contao can disclose sensitive information in the news module
CVE-2025-57756	unknown	—	—	9mo ago	Contao discloses sensitive information in the front end search index
CVE-2025-57758	unknown	—	—	9mo ago	Contao applies improper access control in the back end voters
CVE-2023-29200	unknown	—	—	3y ago	Path traversal vulnerability in the file manager
CVE-2019-11512	unknown	—	—	4y ago	Contao SQL injection in the file manager
CVE-2017-16558	unknown	—	—	4y ago	Contao SQL injection in the backend and listing module
CVE-2022-24899	unknown	—	—	4y ago	Cross site scripting via canonical tag in Contao
CVE-2019-10642	unknown	—	—	4y ago	Contao CSRF Token Bypass
CVE-2019-10641	unknown	—	—	4y ago	Contao Does Not Invalidate Existing Sessions When Password Changes
CVE-2018-20028	unknown	—	—	4y ago	Contao Information Disclosure via Access Control Flaws
CVE-2019-10643	unknown	—	—	4y ago	Contao Does Not Expire Tokens Correctly
CVE-2018-10125	unknown	—	—	4y ago	Cross-site Scripting in Contao
CVE-2021-35955	unknown	—	—	5y ago	Cross site scripting via HTML attributes in the back end
CVE-2021-37627	unknown	—	—	5y ago	Privilege escalation via form generator
CVE-2021-37626	unknown	—	—	5y ago	PHP file inclusion via insert tags
CVE-2021-35210	unknown	—	—	5y ago	Cross site scripting in the system log
CVE-2020-25768	unknown	—	—	6y ago	Contao Insert tag injection in forms
CVE-2019-19714	unknown	—	—	7y ago	Insert tag injection in the Contao login module
CVE-2019-19712	unknown	—	—	7y ago	Information disclosure in the Contao backend
CVE-2019-19745	unknown	—	—	7y ago	Unrestricted file uploads in Contao