Contao Incorrect Default Permissions Vulnerability (CVE-2019-19712)

Description

Contao 4.0 through 4.8.5 has Insecure Permissions. Back end users can manipulate the details view URL to show pages and articles that have not been enabled for them.

Remediation

References

CVE-2019-19712

Related Vulnerabilities

Serendipity Other Vulnerability (CVE-2005-1134)

WordPress Plugin rtMedia for WordPress, BuddyPress and bbPress SQL Injection (3.7.39)

PHP Use After Free Vulnerability (CVE-2016-7413)

WordPress Plugin Toolset Types-Custom Post Types, Custom Fields and Taxonomies Cross-Site Scripting (1.8.7.2)

WordPress Plugin SL User Create Information Disclosure (0.2.4)

Severity

Medium

Classification

CVE-2019-19712 CWE-276 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Description

Remediation

References

Related Vulnerabilities

Severity

Classification

Tags

Take action and discover your vulnerabilities