CVE-2019-19712
First published: Tue Dec 17 2019(Updated: )
### Impact Back end users can manipulate the details view URL to show pages and articles that have not been enabled for them. ### Patches Update to Contao 4.4.46 or 4.8.6. ### Workarounds None. ### References https://contao.org/en/security-advisories/information-disclosure-in-the-back-end ### For more information If you have any questions or comments about this advisory, open an issue in [contao/contao](https://github.com/contao/contao/issues/new/choose).
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| composer/contao/core-bundle | >=4.0.0<4.4.46>=4.5.0<4.6.0>=4.6.0<4.7.0>=4.7.0<4.8.0>=4.8.0<4.8.6 | |
| composer/contao/contao | >=4.0.0<4.4.46>=4.5.0<4.6.0>=4.6.0<4.7.0>=4.7.0<4.8.0>=4.8.0<4.8.6 | |
| composer/contao/core-bundle | >=4.5.0<4.8.6 | 4.8.6 |
| composer/contao/core-bundle | >=4.0.0<4.4.46 | 4.4.46 |
| Contao Contao | >=4.4.0<=4.4.45 | |
| Contao Contao | >=4.8<=4.8.5 | |
| Contao Contao | =4.0 | |
| Contao Contao | =4.1 | |
| Contao Contao | =4.2 | |
| Contao Contao | =4.3 | |
| Contao Contao | =4.5 | |
| Contao Contao | =4.6 | |
| Contao Contao | =4.7 | |
| composer/contao/contao | >=4.5.0<4.8.6 | 4.8.6 |
| composer/contao/contao | >=4.0.0<4.4.46 | 4.4.46 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://contao.org/en/security-advisories/information-disclosure-in-the-back-end.html
- https://github.com/contao/contao/security/advisories/GHSA-4mvc-qc5w-v5qr
- https://nvd.nist.gov/vuln/detail/CVE-2019-19712
- https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2019-19712.yaml
- https://github.com/advisories/GHSA-4mvc-qc5w-v5qr (Advisory)
- https://contao.org/en/news.html
- https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2019-19712.yaml
Frequently Asked Questions
What is the impact of CVE-2019-19712?
Backend users can manipulate the details view URL to show pages and articles that have not been enabled for them.
How can I patch CVE-2019-19712?
Update to Contao 4.4.46 or 4.8.6.
Are there any workarounds for CVE-2019-19712?
No, there are no workarounds available.
What is the severity rating of CVE-2019-19712?
The severity rating of CVE-2019-19712 is medium, with a severity value of 5.3.
Where can I find more information about CVE-2019-19712?
You can find more information about CVE-2019-19712 on the Contao security advisory page, the GitHub advisory page, and the NVD website.
- collector/friends-of-php
- collector/nvd-index
- agent/author
- agent/type
- agent/first-publish-date
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-4mvc-qc5w-v5qr
- alias/CVE-2019-19712
- agent/software-canonical-lookup
- agent/references
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/softwarecombine
- agent/event
- agent/description
- collector/nvd-cve
- source/NVD
- agent/tags
- collector/github-advisory
- package-manager/composer
- vendor/contao
- canonical/contao contao
- version/contao contao/4.4.0
- version/contao contao/4.4.45
- version/contao contao/4.8
- version/contao contao/4.8.5
- version/contao contao/4.0
- version/contao contao/4.1
- version/contao contao/4.2
- version/contao contao/4.3
- version/contao contao/4.5
- version/contao contao/4.6
- version/contao contao/4.7