Date: 2018-12-13
CVE ID: CVE-2018-20028
Logged in back end users can view records which have not been enabled for them. The problem affects all Contao versions and has been fixed in Contao 3.5.37, 4.4.31 and 4.6.11.


Read more about 'Viewing unauthorized records in the back end'...