6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
42.8%
It is possible for untrusted users to gain administrator rights with the form generator.
Installations are only affected if there are untrusted back end users with access to the form generator.
Update to Contao 4.4.56, 4.9.18 or 4.11.7.
Disable the form generator or disable the login for untrusted back end users.
https://contao.org/en/security-advisories/privilege-escalation-with-the-form-generator
If you have any questions or comments about this advisory, open an issue in contao/contao.
CPE | Name | Operator | Version |
---|---|---|---|
contao/contao | lt | 4.11.7 | |
contao/contao | lt | 4.9.18 | |
contao/contao | lt | 4.4.56 | |
contao/core-bundle | lt | 4.11.7 | |
contao/core-bundle | lt | 4.9.18 | |
contao/core-bundle | lt | 4.4.56 |
contao.org/en/security-advisories/privilege-escalation-with-the-form-generator.html
github.com/advisories/GHSA-hq5m-mqmx-fw6m
github.com/contao/contao/security/advisories/GHSA-hq5m-mqmx-fw6m
github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2021-37627.yaml
github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2021-37627.yaml
nvd.nist.gov/vuln/detail/CVE-2021-37627
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
42.8%