First published: Wed Apr 17 2019(Updated: )
Contao 3.x before 3.5.37, 4.4.x before 4.4.31 and 4.6.x before 4.6.11 has Incorrect Access Control.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Contao Contao Cms | >=3.0.0<3.5.37 | |
Contao Contao Cms | >=4.4.0<4.4.31 | |
Contao Contao Cms | >=4.6.0<4.6.11 | |
composer/contao/contao | >=4.4.0<4.4.31 | 4.4.31 |
composer/contao/contao | >=4.6.0<4.6.11 | 4.6.11 |
composer/contao/contao | >=3.0.0<3.5.37 | 3.5.37 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this Contao issue is CVE-2018-20028.
CVE-2018-20028 has a severity level of medium (6.5).
Contao 3.x before 3.5.37, 4.4.x before 4.4.31, and 4.6.x before 4.6.11 have an Incorrect Access Control vulnerability.
The Incorrect Access Control vulnerability in Contao CMS allows unauthorized access to restricted functionality.
To fix the Incorrect Access Control vulnerability, update Contao CMS to version 3.5.37, 4.4.31, or 4.6.11 or later.