Description Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities Remediation References CVE-2014-1860 Related Vulnerabilities WordPress Plugin Post Thumbnail Editor Multiple Cross-Site Request Forgery Vulnerabilities (2.4.1) MyBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-19048) WordPress Plugin UnGallery Local File Disclosure (1.5.8) Ruby Numeric Errors Vulnerability (CVE-2008-2376) WordPress Plugin BackWPup Cross-Site Scripting (3.2.3) Severity Critical Classification CVE-2014-1860 CWE-502 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Tags Missing Update Known Vulnerabilities