Security issues in Contao #6695
I have found a few security issues in the latest stable of contao.
Please contact me by email (email@example.com) so that I can send the report to you.
To avoid revealing the bug before it's fixed, I will only send the report to people who have committed changed to the repository in the last 2 versions.
The text was updated successfully, but these errors were encountered:
…#6695) Do not process serialized objects in the `deserialize()` function, so it is not vulnerable to PHP object injection in conjunction with raw POST data. Thanks to Pedro Ribeiro for his input.