Contao 4.0 through 4.8.5 Incorrect Default Permissions Vulnerability

Summary

Back end users can manipulate the details view URL to show pages and articles that have not been enabled for them.

Credit:

The information has been provided by the vendor.

The original article can be found at: https://contao.org/en/security-advisories/information-disclosure-in-the-back-end.html


Details

Contao 4.0 through 4.8.5 has insecure permissions: back end users can manipulate the details view URL to show pages and articles that have not been enabled for them.

Vulnerable Systems:

Contao 4.0 through 4.8.5

CVE Information:

CVE-2019-19712

Disclosure Timeline:
Published Date: 12/17/2019
