2019-12-17 14:17:35
mitre
PUBLISHED
Contao 4.0 through 4.8.5 allows PHP local file inclusion. A back end user with access to the form generator can upload arbitrary files and execute them on the server.