Lucene search
Veracode Vulnerability DatabaseVERACODE:13640HistoryApr 15, 2019 - 5:28 a.m.
Cross-site Request Forgery (CSRF)
2019-04-1505:28:14
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
0.001 Low
EPSS
Percentile
30.9%
Contao is susceptible to cross-site request forgery attacks. The vulnerability exists as the server does not verify the authenticity of HTTP requests, allowing a remote attacker to perform unauthorized actions on behalf of the user by tricking a user into visiting a malicious site.
| CPE | Name | Operator | Version |
|---|---|---|---|
| contao/contao | le | 4.7.2 | |
| contao/contao | le | 4.6.14 | |
| contao/contao | le | 4.4.46 | |
| contao/core-bundle | le | 4.7.2 | |
| contao/core-bundle | le | 4.6.14 | |
| contao/core-bundle | le | 4.4.51 |
Related
contao
contao
Bypassing the request token check
2019-04-09 00:00:00
nvd
nvd
CVE-2019-10642
2019-04-17 19:29:00
cve
cve
CVE-2019-10642
2019-04-17 19:29:00
friendsofphp
friendsofphp
The CSRF token check can be bypassed
2019-04-09 12:21:00
The CSRF token check can be bypassed
2019-04-09 12:21:00
osv
osv
Contao CSRF Token Bypass
2022-05-14 01:09:23
CVE-2019-10642
2019-04-17 19:29:00
github
github
Contao CSRF Token Bypass
2022-05-14 01:09:23
cvelist
cvelist
CVE-2019-10642
2019-04-17 18:54:30
prion
prion
Cross site request forgery (csrf)
2019-04-17 19:29:00