Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Contao Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2025-57756)

Description

Contao is an Open Source CMS. In versions starting from 4.9.14 and prior to 4.13.56, 5.3.38, and 5.6.1, protected content elements that are rendered as fragments are indexed and become publicly available in the front end search. This issue has been patched in versions 4.13.56, 5.3.38, and 5.6.1. A workaround involves disabling the front end search.

Remediation

References

Related Vulnerabilities

MySQL CVE-2018-2646 Vulnerability (CVE-2018-2646)

WordPress Plugin YITH WooCommerce Best Sellers Security Bypass (1.1.11)

Serendipity Improper Access Control Vulnerability (CVE-2016-10082)

PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0061)

Liferay Portal Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2024-25143)

Severity

Medium

Classification

CVE-2025-57756 CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities