Contao 3.x before 3.5.37, 4.4.x before 4.4.31 and 4.6.x before 4.6.11 has Incorrect Access Control.Referenceshttps://contao.org/en/news.htmlhttps://contao.org/en/news/security-vulnerability-cve-2018-20028.html
