Description
Contao 4.0 through 4.8.5 allows PHP local file inclusion. A back end user with access to the form generator can upload arbitrary files and execute them on the server.
Remediation
References