Contao CMS Security Bulletin: Multiple CVE Fixes (RCE, XSS, SQLi)

Vulnerability Fix Information CVE-2021-37627: - Description: Prevent privilege escalation with the form generator. - Version: 4.4.56 (2021-08-11) CVE-2021-37626: - Description: Prevent PHP file inclusion via insert tags. - Version: 4.4.56 (2021-08-11) CVE-2021-35955: - Description: Prevent XSS via HTML attributes in the back end. - Version: 4.4.56 (2021-08-11) CVE-2020-25768: - Description: Prevent insert tag injections in forms. - Version: 4.4.52 (2020-09-24) CVE-2020-27776: - Description: Prevent arbitrary file uploads in the back end. - Version: 4.4.41 (2018-07-16) CVE-2020-20028: - Description: Prevent information disclosure through incorrect access control in the back end. - Version: 4.4.31 (2018-12-13) CVE-2019-11512: - Description: Prevent SQL injections in the file manager search. - Version: 4.4.39 (2019-04-30) CVE-2019-10641: - Description: Invalidate the user sessions if a password changes. - Version: 4.4.37 (2019-04-09) Other Important Security Updates: Version 4.4.56 (2021-08-11): - Prevent privilege escalation - Prevent PHP file inclusion - Prevent XSS via HTML attributes Version 4.4.52 (2020-09-24): - Prevent insert tag injections in forms Version 4.4.18 (2018-04-18): - Fix an XSS vulnerability in the system log Version 4.4.41 (2018-07-16): - Correctly handle subpalettes in "edit multiple" mode Version 4.4.8 (2017-11-15): - Prevent SQL injections in the back end search panel This information provides specific CVE numbers and corresponding version releases for fixes, helping to ensure system security and stability.

Goal Reached Thanks to every supporter — we hit 100%!

Contao CMS Security Bulletin: Multiple CVE Fixes (RCE, XSS, SQLi)