CVE-2019-19745

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-19745

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-19745.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-19745

Aliases

GHSA-wjx8-cgrm-hh8p

Published

2019-12-17T15:15:25.957Z

Modified

2025-11-20T10:44:20.416053Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Contao 4.0 through 4.8.5 allows PHP local file inclusion. A back end user with access to the form generator can upload arbitrary files and execute them on the server.

References

Affected packages

Git / github.com/contao/contao

Affected ranges

Type: GIT
Repo: https://github.com/contao/contao
Events: Introduced

da8a867d8335c4ca55e5085dac11f1fecd12650e

Last affected

0dae4caadb79f1581d1851d849955929318bc7d9

Last affected

84b2fe637d5ead531f117f26b48d1b9de8df4074

Last affected

a112b68dcb5215b01f2c4c4b8de6bcb3d3b9ae81

Last affected

afeedc98905a9dedd598f5a5814decc1ad1b008d

Last affected

b09b4d51d13d37b4bfcd2ef4314fc6a20184dc55

Last affected

b4dda036c2c0fc7d17c1aa402eaacf6b5dc335fc

Last affected

c3e0c88e63095d83fd37fb96c4381de7658de4dc

Last affected

dfb96f2755181aedb587e897316a656dd933df31

Introduced

879e05ecc75a6bf70aabc1c3d867eb420f291f60

Last affected

e2234567e8a17ff151137c288b14591213652195

Affected versions

4.*

4.4.43

4.4.44

4.4.45

4.8.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-19745.json"