Description

Contao 4.0 through 4.8.5 has Insecure Permissions. Back end users can manipulate the details view URL to show pages and articles that have not been enabled for them.

Remediation

References

CVE-2019-19712

Related Vulnerabilities

WordPress Plugin WooCommerce PDF Vouchers-Ultimate Gift Cards Unspecified Vulnerability (4.9.4)

WordPress Plugin WordPress Popular Posts Cross-Site Scripting (3.3.2)

Squid Improper Privilege Management Vulnerability (CVE-2019-12522)

MediaWiki CVE-2012-4885 Vulnerability (CVE-2012-4885)

WordPress Plugin SEO Redirection-301 Redirect Manager SQL Injection (3.5)

Severity

Medium

Classification

CVE-2019-19712 CWE-276 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities