Description
Contao 4.0 through 4.8.5 allows PHP local file inclusion. A back end user with access to the form generator can upload arbitrary files and execute them on the server.
Remediation
References