ContaoCMS (fka TYPOlight) 2.11 CSRF (Delete Admin- Delete Article)

ContaoCMS (fka TYPOlight) 2.11 version (and lower) in affected by a CSRF vulnerability which allows to delete administrator/users, delete article, news, newsletter and so on.
I’ve created an Advisory describing this vulnerability and the methods to exploit it:
ContaoCMS Ivano Binetti’s Advisory

Other web sites have reported my security Advisory:



Leave a Reply

Your email address will not be published. Required fields are marked *