CNNVD-202511-2714 Information
CNNVD ID
CNNVD-202511-2714
Related CVE
-
CNNVD Published: 2025-11-25
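Description (translated from Chinese)
Contao is an open-source content management system (CMS) from Contao, developed in PHP. The system supports search engines, permission management, CSS frameworks and more. Contao versions from 4.0.0 up to but not including 4.13.57, versions before 5.3.42, and versions before 5.6.5 contain a security vulnerability. The vulnerability stems from the ability to execute arbitrary PHP functions in template closures, which may lead to code execution.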
Description (English)
Contao is an open-source content management system (CMS) developed in PHP. The system supports search engines, permission management and CSS frameworks. Contao versions 4.0.0 to before 4.13.57, before 5.3.42 and before 5.6.5 have a security vulnerability, which stems from the fact that arbitrary PHP functions can be executed in template closures and may result in code execution.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Contao
Published
2025-11-25
Last Modified
2026-02-24
References
https://github.com/contao/contao/security/advisories/GHSA-98vj-mm79-v77r
https://contao.org/en/security-advisories/remote-code-execution-in-template-closures
https://access.redhat.com/security/cve/cve-2025-65960
https://vigilance.fr/vulnerability/Contao-Cross-Site-Scripting-via-Template-Closures-48862
Patch
https://contao.org/en/security-advisories/cross-site-scripting-in-templates