Опубликовано: 17 сент. 2024
Источник: github
Github: Прошло ревью
CVSS4: 5.3
CVSS3: 4.3
Описание
Contao affected by directory traversal in the file selector widget
Impact
Back end users can list files outside their file mounts or the document root in the FileSelector widget.
Patches
Update to Contao 4.13.49.
Workarounds
None.
References
https://contao.org/en/security-advisories/directory-traversal-in-the-fileselector-widget
For more information
If you have any questions or comments about this advisory, open an issue in contao/contao.
Credits
Thanks to Jakob Steeg from usd AG for reporting this vulnerability.
Пакеты
Наименование
contao/core-bundle
composer
Затронутые версииВерсия исправления
< 4.13.49
4.13.49
Связанные уязвимости
CVSS3: 4.3
nvd
больше 1 года назад
Contao is an Open Source CMS. In affected versions authenticated users in the back end can list files outside the document root in the file selector widget. Users are advised to update to Contao 4.13.49. There are no known workarounds for this vulnerability.