Description
Contao Core directory traversal vulnerability
A logged-in back end user can include arbitrary PHP files by manipulating a URL parameter. Since Contao does not allow uploading PHP files through the file manager, the attack is limited to PHP files that already exist on the server.
References
- https://nvd.nist.gov/vuln/detail/CVE-2017-10993
- https://contao.org/en/news/contao-3_5_28.html
- https://contao.org/en/news/contao-4_4_1.html
- https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2017-10993.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2017-10993.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2017-10993.yaml
Packages
Name: contao/contao (composer)
Affected versions: >= 4.0.0, < 4.4.1
Fixed version: 4.4.1
Name: contao/core-bundle (composer)
Affected versions: >= 4.0.0, < 4.4.1
Fixed version: 4.4.1
Name: contao/core (composer)
Affected versions: >= 3.0.0, < 3.5.28
Fixed version: 3.5.28
Related vulnerabilities
CVSS3: 8.8
nvd
more than 8 years ago
Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal.