CVE-2014-1860

CRITICAL

Contao CMS <3.2.4 - Code Injection

Title source: llm

Description

Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities

References (5)

[Mailing List, Patch, Third Party Advisory] http://www.openwall.com/lists/oss-security/2014/02/03/14

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2014/02/07/7

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/65293

[Third Party Advisory, VDB Entry] https://packetstormsecurity.com/files/cve/CVE-2014-1860

[Exploit, Third Party Advisory] https://www.exploit-database.net/?id=21609

Scores

CVSS v3 9.8

EPSS 0.0027

EPSS Percentile 50.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-502

Status published

Affected Products (1)

contao/contao_cms < 3.2.4

Timeline

Published Jan 08, 2020

Tracked Since Feb 18, 2026