← Volver a CVEs
CVE-2019-19712
MEDIUM5.3
Descripcion
Contao 4.0 through 4.8.5 has Insecure Permissions. Back end users can manipulate the details view URL to show pages and articles that have not been enabled for them.
Detalles CVE
Puntuacion CVSS v3.15.3
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado12/17/2019
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
contao:contao
Debilidades (CWE)
CWE-276
Referencias
https://contao.org/en/news.html(cve@mitre.org)
https://contao.org/en/security-advisories/information-disclosure-in-the-back-end.html(cve@mitre.org)
https://contao.org/en/news.html(af854a3a-2127-422b-91ae-364da2661108)
https://contao.org/en/security-advisories/information-disclosure-in-the-back-end.html(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.