Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Contao CVE-2018-20028 Vulnerability (CVE-2018-20028)

Description

Contao 3.x before 3.5.37, 4.4.x before 4.4.31 and 4.6.x before 4.6.11 has Incorrect Access Control.

Remediation

References

Related Vulnerabilities

Joomla! Core 1.0.x Security Bypass (1.0.0 - 1.0.10)

MySQL Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2012-2102)

WordPress Plugin Shortlinks by Pretty Links-Best WordPress Link Tracking Cross-Site Scripting (1.6.2)

WordPress Plugin AffiliateWP Cross-Site Scripting (2.0.9)

WordPress Plugin Modern Events Calendar Lite Cross-Site Scripting (5.22.2)

Severity

Medium

Classification

CVE-2018-20028 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities