Home > Vulnerability Database > CVE-2024-45398

Mend.io Vulnerability Database

CVE-2024-45398

Good to know:

Date: September 17, 2024

Contao is an Open Source CMS. In affected versions a back end user with access to the file manager can upload malicious files and execute them on the server. Users are advised to update to Contao 4.13.49, 5.3.15 or 5.4.3. Users unable to update are advised to configure their web server so it does not execute PHP files and other scripts in the Contao file upload directory.

Language: PHP

Severity Score

8.3

Related Resources (8)

Url: https://github.com/contao/contao/commit/f3db59ffe5a6c0e1f705b3230ebd5ff16865280e

Url: https://github.com/contao/contao/security/advisories/GHSA-vm6r-j788-hjh5

Url: https://github.com/contao/contao

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-45398

Url: https://github.com/contao/contao/commit/9445d509f12a7f1b68a4794dcc5e3e459b363ebb

Url: https://contao.org/en/security-advisories/remote-command-execution-through-file-uploads

Url: https://github.com/contao/contao/commit/a7e39f96ac8fdc281f7caaa96e01deb0e24ac7d3

Url: https://www.mend.io/vulnerability-database/CVE-2024-45398

Severity Score

8.3

Weakness Type (CWE)

Unrestricted Upload of File with Dangerous Type

CWE-434

Top Fix

Upgrade Version

Upgrade to version contao/core-bundle - 4.13.49,5.3.15,5.4.3

Learn More

CVSS v3.1

Base Score:	8.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-45398

Good to know:

Date: September 17, 2024

Language: PHP

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?