Skip to content

contao/core PHP object injection vulnerability allows for arbitrary code execution

High severity GitHub Reviewed Published May 15, 2024 to the GitHub Advisory Database • Updated May 15, 2024

Package

composer contao/core (Composer)

Affected versions

>= 2.0.0, < 2.11.14
>= 3.0.0, < 3.2.5

Patched versions

2.11.14
3.2.5

Description

PHP object injection vulnerability was identified in contao/core due to untrusted data being passed to deserialize() function.

References

Published to the GitHub Advisory Database May 15, 2024
Reviewed May 15, 2024
Last updated May 15, 2024

Severity

High

Weaknesses

No CWEs

CVE ID

No known CVE

GHSA ID

GHSA-wq43-8r5p-w3mc

Source code

No known source code
Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.