CVE-2022-26265: Improper Neutralization of Special Elements used in a Command ('Command Injection')

March 18, 2022 (updated August 8, 2023)

Contao Managed Edition v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the component php_cli parameter.

References

github.com/JCCD/Contao-Managed-Edition-1.5-RCE/blob/main/VulnerabilityDetails.md
nvd.nist.gov/vuln/detail/CVE-2022-26265

Code Behaviors & Features

Detect and mitigate CVE-2022-26265 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →