Browse all 22 CVE security advisories affecting Contao. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Contao is an open-source content management system designed for creating complex, multilingual websites with a focus on accessibility and SEO. Historically, its codebase has been susceptible to several critical vulnerability classes, including remote code execution, cross-site scripting, and SQL injection. These flaws often stem from insufficient input validation and improper access controls within legacy modules. Notable incidents include multiple CVEs allowing attackers to execute arbitrary commands or escalate privileges, frequently exploiting weak session management or insecure file uploads. The platform’s modular architecture sometimes introduces attack surfaces through third-party extensions that lack rigorous security auditing. While recent versions have improved sandboxing and input filtering, the accumulation of 22 recorded CVEs highlights ongoing challenges in maintaining secure code standards across its extensive feature set.
This page lists every published CVE security advisory associated with Contao. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.