contao/core-bundle is vulnerable to local file inclusion. insert
tags can be injected into the login module which will be replaced when the page is rendered. This could potentially allow for arbitrary code execution when an attacker is able to upload a malicious file into the server.
CPE | Name | Operator | Version |
---|---|---|---|
contao/core-bundle | le | 4.8.5 |