目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1336 CNY

100%

Contao 厂商漏洞列表 / CVE 中文分析 22

Contao 厂商相关 22 条 CVE 漏洞,含 AI 中文分析、POC、CVSS 评分与受影响产品。

Contao 是一款基于 PHP 的开源内容管理系统,广泛用于构建企业网站及数字平台。其核心功能涵盖内容编辑、多语言支持及用户权限管理。历史上,该系统曾暴露出跨站脚本(XSS)、远程代码执行(RCE)及越权访问等高危漏洞,累计收录 22 条 CVE。官方通过定期安全更新修复缺陷,建议管理员及时升级版本并遵循最小权限原则,以防范潜在的数据泄露与服务中断风险。

上位製品 Contao: contao
CVE IDタイトルCVSS深刻度公開日
CVE-2025-65961 Contao is vulnerable to cross-site scripting in templates — contaoCWE-87 3.3 Low2025-11-25
CVE-2025-65960 Contao is vulnerable to remote code execution in template closures — contaoCWE-351 6.6 Medium2025-11-25
CVE-2025-57759 Contao has improper privilege management for page and article fields — contaoCWE-269 4.3 Medium2025-08-28
CVE-2025-57758 Contao has improper access control in the back end voters — contaoCWE-284 4.3 Medium2025-08-28
CVE-2025-57757 Contao discloses information in the news module — contaoCWE-200 5.3 Medium2025-08-28
CVE-2025-57756 Contao discloses sensitive information in the front end search index — contaoCWE-200 5.3 Medium2025-08-28
CVE-2025-29790 Contao allows cross-site scripting through SVG uploads — contaoCWE-79 4.6 -2025-03-18
CVE-2024-45965 Contao 安全漏洞 — ContaoCWE-434 6.4 Medium2024-10-02
CVE-2024-45604 Directory traversal in the file selector widget in contao/core-bundle — contaoCWE-22 4.3 Medium2024-09-17
CVE-2024-45398 Remote command execution through file upload in contao/core-bundle — contaoCWE-434 8.3 High2024-09-17
CVE-2024-45612 Insert tag injection via canonical URL in Contao — contaoCWE-20 5.3 Medium2024-09-17
CVE-2024-30262 Contao's remember-me tokens will not be cleared after a password change — contaoCWE-613 5.9 Medium2024-04-09
CVE-2024-28235 Contao possible cookie sharing with external domains while checking protected pages for broken links — contaoCWE-200 8.4 High2024-04-09
CVE-2024-28234 Contao has insufficient BBCode sanitizer — contaoCWE-74 4.3 Medium2024-04-09
CVE-2024-28191 Contao may have unencoded insert tags in the frontend — contaoCWE-74 3.1 Low2024-04-09
CVE-2024-28190 Contao core bundle vulnerable to cross site scripting in the file manager — contaoCWE-79 5.4 Medium2024-04-09
CVE-2023-36806 Contao cross site scripting vulnerability via input unit widget — contaoCWE-79 6.5 Medium2023-07-25
CVE-2023-29200 contao/core-bundle has path traversal vulnerability in the file manager — contaoCWE-22 4.3 Medium2023-04-25
CVE-2022-24899 Cross site scripting via canonical tag — contaoCWE-79 7.2 High2022-05-05
CVE-2021-37627 Privilege escalation via form generator — contaoCWE-269 8.0 High2021-08-11
CVE-2021-37626 PHP file inclusion via insert tags — contaoCWE-94 7.2 High2021-08-11
CVE-2012-4383 contao SQL注入漏洞 — contao 8.8 -2020-01-29

本页汇总了 Contao 厂商截至目前公开的全部 22 条 CVE 漏洞。每条漏洞均包含 CVSS 评分、CWE 弱点分类、受影响产品与参考链接,并附带 AI 生成的中文分析以便快速判断风险。