Severity Critical High Medium Low Informational Vulnerability Categories Abuse Of Functionality Acumonitor Arbitrary File Creation Arbitrary File Read Arbitrary File Write Authentication Bypass Bruteforce Possible Buffer Overflow CSRF CSTI Code Execution Configuration Crlf Injection Deepscan Default Credentials Denial-of-service Dev Files Directory Listing Directory Traversal Eli Injection Error Handling File Inclusion Http Parameter Pollution Http Response Splitting Information Disclosure Insecure Admin Access Insecure Deserialization Internal Ip Disclosure Known Vulnerabilitie Known Vulnerabilities Ldap Injection Malware Missing Update Path Traversal Privilege Escalation Remote Code Execution SSRF SSTI Sensitive Data Not Over Ssl Server Side Template Injection Session Fixation Source Code Disclosure Sql Injection Test Files Unauthenticated File Upload Url Redirection Weak Credentials Weak Crypto XFS XSS XXE Xpath Injection Vulnerability Name CVE CWE CWE Severity Contao Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-10993) CVE-2017-10993 CWE-22 CWE-22 High Contao Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2023-29200) CVE-2023-29200 CWE-22 CWE-22 Medium Contao Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-45604) CVE-2024-45604 CWE-22 CWE-22 Medium Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-0508) CVE-2011-0508 CWE-707 CWE-707 Medium Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-4335) CVE-2011-4335 CWE-707 CWE-707 Medium Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-5478) CVE-2018-5478 CWE-707 CWE-707 Medium Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-10125) CVE-2018-10125 CWE-707 CWE-707 Medium Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-35210) CVE-2021-35210 CWE-707 CWE-707 Medium Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-35955) CVE-2021-35955 CWE-707 CWE-707 Medium Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-24899) CVE-2022-24899 CWE-707 CWE-707 Medium Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-36806) CVE-2023-36806 CWE-707 CWE-707 Medium Contao Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2024-45612) CVE-2024-45612 CWE-138 CWE-138 Medium Contao Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-4383) CVE-2012-4383 CWE-138 CWE-138 High Contao Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-16558) CVE-2017-16558 CWE-138 CWE-138 Critical Contao Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-11512) CVE-2019-11512 CWE-138 CWE-138 Critical Contao Improper Privilege Management Vulnerability (CVE-2021-37627) CVE-2021-37627 CWE-269 CWE-269 High Contao Incorrect Default Permissions Vulnerability (CVE-2019-19712) CVE-2019-19712 CWE-276 CWE-276 Medium Contao Key Management Errors Vulnerability (CVE-2019-10643) CVE-2019-10643 Critical Contao Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-19745) CVE-2019-19745 CWE-434 CWE-434 High Contao Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2024-45398) CVE-2024-45398 CWE-434 CWE-434 High Contao Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2019-10641) CVE-2019-10641 CWE-640 CWE-640 Critical Content-Security-Policy-Report-Only Cannot Be Declared Between META Tags CWE-16 CWE-16 Informational Content-Security-Policy-Report-Only Cannot Be Declared Without report-uri Directive CWE-16 CWE-16 Informational Content Security Policy (CSP) Contains Out of Scope report-uri Domain CWE-16 CWE-16 Informational Content Security Policy (CSP) Keywords Not Used Within Single Quotes CWE-16 CWE-16 Informational Content Security Policy (CSP) Nonce Value Not Used Within Single Quotes CWE-16 CWE-16 Informational Content Security Policy (CSP) Nonce Without Matching Script Block CWE-16 CWE-16 Informational Content Security Policy (CSP) Not Implemented CWE-1021 CWE-1021 Informational Content Security Policy (CSP) report-uri Uses HTTP CWE-16 CWE-16 Informational Content Security Policy Misconfiguration CWE-16 CWE-16 Informational Cookie signed with weak secret key CWE-693 CWE-693 Medium Cookies Not Marked as HttpOnly CWE-1004 CWE-1004 Low Cookies Not Marked as Secure CWE-614 CWE-614 Low Cookies with missing, inconsistent or contradictory properties CWE-284 CWE-284 Low Cookies with Secure flag set over insecure connection CWE-16 CWE-16 Informational Coppermine Cross-site Scripting (XSS) Vulnerability (CVE-2015-3921) CVE-2015-3921 Low Coppermine Cross-site Scripting (XSS) Vulnerability (CVE-2018-14478) CVE-2018-14478 Medium Coppermine Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2008-7187) CVE-2008-7187 CWE-200 CWE-200 Medium Coppermine Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3722) CVE-2011-3722 CWE-200 CWE-200 Medium Coppermine Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-1614) CVE-2012-1614 CWE-200 CWE-200 Medium Coppermine Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-3923) CVE-2015-3923 CWE-200 CWE-200 Medium Coppermine Improper Authentication Vulnerability (CVE-2005-3979) CVE-2005-3979 CWE-287 CWE-287 Medium Coppermine Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2008-3481) CVE-2008-3481 CWE-94 CWE-94 High Coppermine Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-3486) CVE-2008-3486 CWE-22 CWE-22 High Coppermine Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-4667) CVE-2010-4667 CWE-707 CWE-707 Medium Coppermine Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-4693) CVE-2010-4693 CWE-707 CWE-707 Medium Coppermine Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-2476) CVE-2011-2476 CWE-707 CWE-707 Medium Coppermine Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-1613) CVE-2012-1613 CWE-707 CWE-707 Low Coppermine Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-4612) CVE-2014-4612 CWE-707 CWE-707 Medium Coppermine Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-0504) CVE-2008-0504 CWE-138 CWE-138 Medium Coppermine Multiple Cross-site Scripting (XSS) Vulnerabilities (CVE-2015-6528) CVE-2015-6528 Medium Coppermine Open Redirection Vulnerability (CVE-2015-3922) CVE-2015-3922 Medium Coppermine Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-7186) CVE-2008-7186 CWE-264 CWE-264 Medium Core dump checker PHP script CWE-200 CWE-200 Medium Core dump file CWE-200 CWE-200 High CouchDB REST API publicly accessible CWE-285 CWE-285 High cPanel XSS (CVE-2023-29489) CVE-2023-29489 CWE-79 CWE-79 Medium Craft CMS CVE-2017-8383 Vulnerability (CVE-2017-8383) CVE-2017-8383 Medium Craft CMS CVE-2024-21622 Vulnerability (CVE-2024-21622) CVE-2024-21622 High Craft CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-14280) CVE-2019-14280 CWE-200 CWE-200 Medium Craft CMS Files or Directories Accessible to External Parties Vulnerability (CVE-2024-52292) CVE-2024-52292 CWE-552 CWE-552 Medium Craft CMS Improper Authentication Vulnerability (CVE-2024-41800) CVE-2024-41800 CWE-287 CWE-287 High Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2021-27903) CVE-2021-27903 CWE-94 CWE-94 Critical Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-30130) CVE-2023-30130 CWE-94 CWE-94 High Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-30179) CVE-2023-30179 CWE-94 CWE-94 High Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-41892) CVE-2023-41892 CWE-94 CWE-94 Critical Craft CMS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-52291) CVE-2024-52291 CWE-22 CWE-22 High Craft CMS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-52293) CVE-2024-52293 CWE-22 CWE-22 High Craft CMS Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2021-41824) CVE-2021-41824 CWE-1236 CWE-1236 High Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-8052) CVE-2017-8052 CWE-707 CWE-707 Medium Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-8384) CVE-2017-8384 CWE-707 CWE-707 Medium Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-9516) CVE-2017-9516 CWE-707 CWE-707 Medium Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-20418) CVE-2018-20418 CWE-707 CWE-707 Medium Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-9554) CVE-2019-9554 CWE-707 CWE-707 Medium Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-12823) CVE-2019-12823 CWE-707 CWE-707 Medium 1...19202122...303 20 / 303
