Description
Contao 4.0 through 4.8.5 allows PHP local file inclusion. A back end user with access to the form generator can upload arbitrary files and execute them on the server.
Remediation
References