Home > Vulnerability Database > CVE-2021-37627

Mend.io Vulnerability Database

CVE-2021-37627

Date: August 11, 2021

Contao is an open source CMS that allows creation of websites and scalable web applications. In affected versions it is possible to gain privileged rights in the Contao back end. Installations are only affected if they have untrusted back end users who have access to the form generator. All users are advised to update to Contao 4.4.56, 4.9.18 or 4.11.7. As a workaround users may disable the form generator or disable the login for untrusted back end users.

Language: PHP

Severity Score

8.0

Related Resources (7)

Url: https://contao.org/en/security-advisories/privilege-escalation-with-the-form-generator.html

Url: https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2021-37627.yaml

Url: https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2021-37627.yaml

Url: https://github.com/contao/contao

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-37627

Url: https://github.com/contao/contao/security/advisories/GHSA-hq5m-mqmx-fw6m

Url: https://www.mend.io/vulnerability-database/CVE-2021-37627

Severity Score

8.0

Weakness Type (CWE)

Improper Privilege Management

CWE-269

CVSS v3.1

Base Score:	8.0
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	6.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	SINGLE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-37627

Date: August 11, 2021

Language: PHP

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?