First published: Tue Apr 09 2019
Contao 4.7 allows CSRF.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| composer/contao/contao | >=4.7.0 <4.7.3 | 4.7.3 |
| composer/contao/core-bundle | >=4.7.0 <4.7.3 | 4.7.3 |
| Contao CMS | =4.7.0 | |
CVE-2019-10642 is a vulnerability in Contao 4.7 that allows CSRF attacks.
CVE-2019-10642 has a severity rating of 8.8 (high).
The CSRF token check in Contao 4.7 can be bypassed, enabling attackers to perform CSRF attacks.
Contao versions 4.7.0 up to, but not including, 4.7.3 are affected by CVE-2019-10642. The same applies to core-bundle versions in the same range.
Contao CMS version 4.7.0 is affected by CVE-2019-10642.
More information about CVE-2019-10642 can be found at the following links: [1](https://contao.org/en/news/security-vulnerability-cve-2019-10642.html), [2](https://contao.org/en/news.html).
CVE-2019-10642 is classified as CWE-352 (Cross-Site Request Forgery).