CVE-2019-19745

CVE-2019-19745

EPSS 1.1%

Contao 4.0 through 4.8.5 allows PHP local file inclusion. A back end user with access to the form generator can upload arbitrary files and execute them on the server.

Productos afectados

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://contao.org/en/news.html https://contao.org/en/security-advisories/unrestricted-file-uploads.html