CNNVD-202508-3318 Information

CNNVD ID

CNNVD-202508-3318

CVE-2025-57759

  • CNNVD Published: 2025-08-28

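Description (translated from Chinese)

Contao is an open-source content management system (CMS) from Contao, developed in PHP. The system supports search engines, permission management, CSS frameworks and more. Contao version 5.3.38 and versions before 5.6.1 contain a security vulnerability that stems from back-end users potentially being able to edit page and article fields for which they have no permission.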

Description (English)

Contao is an open-source content management system (CMS) developed in PHP. The system supports search engines, permission management and CSS frameworks. Contao version 5.3.38 and versions before 5.6.1 have a security vulnerability: back-end users may be able to edit page and article fields without having permission to do so.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Contemporary Controls

Published

2025-08-28

Last Modified

2026-02-24

References

  • https://github.com/contao/contao/security/advisories/GHSA-qqfq-7cpp-hcqj
  • https://github.com/contao/contao/commit/80ee7db12d55ad979d9b1b180f273d4e2668851f
  • https://contao.org/en/security-advisories/improper-privilege-management-for-page-and-article-fields
  • https://nvd.nist.gov/vuln/detail/CVE-2025-57759
  • https://vigilance.fr/vulnerability/Contao-write-access-via-Page-Article-Fields-48083

Patch

https://contao.org/en/download
