CVE-2018-20028: Direct Request (Forced Browsing)

April 17, 2019 (updated October 3, 2019)

Contao has Incorrect Access Control.

References

contao.org/en/news.html
contao.org/en/news/security-vulnerability-cve-2018-20028.html
nvd.nist.gov/vuln/detail/CVE-2018-20028

Code Behaviors & Features

Detect and mitigate CVE-2018-20028 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →