Contao is susceptible to cross-site request forgery (CSRF) attacks. The vulnerability exists because the server does not verify the authenticity of HTTP requests, allowing a remote attacker to perform unauthorized actions on behalf of a user by tricking that user into visiting a malicious site.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | contao/contao | le | 4.7.2 |
| | contao/contao | le | 4.6.14 |
| | contao/contao | le | 4.4.46 |
| | contao/core-bundle | le | 4.7.2 |
| | contao/core-bundle | le | 4.6.14 |
| | contao/core-bundle | le | 4.4.51 |