CVE-2018-20028 — Improper Access Control in CMS

Severity

6.5MEDIUMNVD

EPSS

0.3%

top 49.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedApr 17

Latest updateMay 13

Description

Contao 3.x before 3.5.37, 4.4.x before 4.4.31 and 4.6.x before 4.6.11 has Incorrect Access Control.

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

▶Packagistcontao/contao3.0.0 — 3.5.37+2

▶NVDcontao/contao_cms3.0.0 — 3.5.37+2

GHSA

Contao Information Disclosure via Access Control Flaws↗2022-05-13

▶

OSV

Contao Information Disclosure via Access Control Flaws↗2022-05-13

▶

CVEList

CVE-2018-20028: Contao 3↗2019-04-17

▶