Contao is an open source CMS that allows you to create websites and scalable web applications. In affected versions it is possible to load PHP files by entering insert tags in the Contao back end. Installations are only affected if they have untrusted back end users who have the rights to modify fields that are shown in the front end. Update to Contao 4.4.56, 4.9.18 or 4.11.7 to resolve. If you cannot update then disable the login for untrusted back end users.
References
Link | Resource |
---|---|
https://contao.org/en/security-advisories/php-file-inclusion-via-insert-tags.html | Vendor Advisory |
https://github.com/contao/contao/security/advisories/GHSA-r6mv-ppjc-4hgr | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2021-08-11T22:20:10
Updated: 2021-08-11T22:20:10
Reserved: 2021-07-29T00:00:00
Link: CVE-2021-37626
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-08-11T23:15:07.750
Modified: 2021-08-20T18:37:54.603
Link: CVE-2021-37626
JSON object: View
Redhat Information
No data.
CWE