CNNVD-202508-3321 Information

CNNVD ID

CNNVD-202508-3321

CVE-2025-57756

  • CNNVD Published: 2025-08-28

Description (Chinese)

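Contao is an open-source content management system (CMS) developed in PHP and released as open source by Contao. The system supports search engines, permission management, CSS frameworks and more. Contao version 4.13.56 and versions before 5.6.1 contain a security vulnerability that stems from protected content elements being indexed and made publicly available, which may lead to disclosure through the front-end search.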

Description (English)

Contao is an open-source content management system (CMS) written in PHP. The system supports search engines, permission management and CSS frameworks. Contao 4.13.56 and versions before 5.6.1 contain a security vulnerability: protected content elements are indexed and publicly available, which may lead to information disclosure through the front-end search.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Contemporary Controls

Published

2025-08-28

Last Modified

2026-02-24

References

  • https://github.com/contao/contao/security/advisories/GHSA-2xmj-8wmq-7475
  • https://github.com/contao/contao/commit/a03976c459b6f3985a28f6488b82a76ffb6c0514
  • https://contao.org/en/security-advisories/information-disclosure-in-the-front-end-search-index
  • https://nvd.nist.gov/vuln/detail/CVE-2025-57756
  • https://vigilance.fr/vulnerability/Contao-information-disclosure-via-Search-Index-48081

Patch

https://contao.org/en/download
