Security researcher Ali Razzaq has discovered that the request token check can be bypassed in Contao 4.7.

Name | Operator | Version |
---|---|---|
contao/core-bundle | eq | 4.7.1 |
contao/core-bundle | eq | 4.7.0 |
contao/contao | eq | 4.7.0 |
contao/core-bundle | eq | 4.7.2 |
contao/contao | eq | 4.7.2 |
contao/contao | eq | 4.7.1 |

contao.org/en/news.html
contao.org/en/news/security-vulnerability-cve-2019-10642.html
github.com/contao/contao
github.com/contao/contao/commit/ee2c8130c2e68a1d0d2e75bd6b774c4393942b15
github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2019-10642.yaml
github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2019-10642.yaml
nvd.nist.gov/vuln/detail/CVE-2019-10642