CNNVD-202508-3320 Information

CNNVD ID

CNNVD-202508-3320

CVE-2025-57757

  • CNNVD Published: 2025-08-28

Description (Chinese)

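Contao is an open-source content management system (CMS) developed in PHP by the Contao open-source project. The system supports search engines, permission management, CSS frameworks and more. Contao version 5.3.38 and versions before 5.6.1 contain a security vulnerability that stems from protected news items in the news feed not being filtered, which may lead to public disclosure of the RSS feed.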

Description (English)

Contao is an open-source content management system (CMS) developed in PHP. The system supports search engines, permission management and CSS frameworks. Contao version 5.3.38 and versions before 5.6.1 contain a security vulnerability, which stems from the fact that protected news items in the news feed are not filtered and may lead to public disclosure of RSS feeds.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Contemporary Controls

Published

2025-08-28

Last Modified

2026-02-24

References

  • https://github.com/contao/contao/security/advisories/GHSA-w53m-gxvg-vx7p
  • https://github.com/contao/contao/commit/e75f46b11974fbf7a4652e65c19ad6ca84c59271
  • https://contao.org/en/security-advisories/information-disclosure-in-the-news-module
  • https://nvd.nist.gov/vuln/detail/CVE-2025-57757
  • https://vigilance.fr/vulnerability/Contao-information-disclosure-via-News-Module-48082

Patch

https://contao.org/en/download
