CVE-2019-19712

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-19712

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-19712.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2019-19712

Aliases

GHSA-4mvc-qc5w-v5qr

Published

2019-12-17T14:15:18.153Z

Modified

2026-02-24T11:32:10.897018Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

Contao 4.0 through 4.8.5 has Insecure Permissions. Back end users can manipulate the details view URL to show pages and articles that have not been enabled for them.

References

Affected packages

Git / github.com/contao/contao

Affected ranges

Type: GIT
Repo: https://github.com/contao/contao
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

84b2fe637d5ead531f117f26b48d1b9de8df4074

Introduced

879e05ecc75a6bf70aabc1c3d867eb420f291f60

Last affected

e2234567e8a17ff151137c288b14591213652195

Introduced

da8a867d8335c4ca55e5085dac11f1fecd12650e

Last affected

0dae4caadb79f1581d1851d849955929318bc7d9

Affected versions

4.*

4.4.43

4.4.44

4.4.45

4.8.0

4.8.1

4.8.2

4.8.3

4.8.4

4.8.5

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-19712.json"