Описание
Contao Core directory traversal vulnerability
Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated backend users to view files outside their file mounts or the document root via unspecified vectors.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2015-0269
- https://github.com/contao/core/commit/0229e839b4849e402256b972eb62f89f2c29674d
- https://contao.org/en/news/contao-3_2_19.html
- https://contao.org/en/news/contao-3_4_4.html
- https://contao.org/en/news/directory-traversal-vulnerability-cve-2015-0269.html
- https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2015-0269.yaml
Пакеты
Наименование
contao/core
composer
Затронутые версииВерсия исправления
>= 3.4.0, < 3.4.4
3.4.4
Наименование
contao/core
composer
Затронутые версииВерсия исправления
>= 2.0.0, < 3.2.19
3.2.19
Связанные уязвимости
CVSS3: 4.3
nvd
больше 8 лет назад
Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated "back end" users to view files outside their file mounts or the document root via unspecified vectors.