Contao CMS Multiple PHP Object Injection Vulnerabilities

Contao is prone to multiple PHP object-injection vulnerabilities.

Attackers can exploit these issues to inject arbitrary object in to the application. This may allow an attacker to delete files or execute arbitrary PHP code through specially crafted objects.

Versions prior to Contao 2.11.14 and 3.2.5 are vulnerable.


Privacy Statement
Copyright 2010, SecurityFocus