CVE-2015-0269

Опубликовано: 26 мая 2017

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated "back end" users to view files outside their file mounts or the document root via unspecified vectors.

Ссылки

https://contao.org/en/news/contao-3_2_19.html
Vendor Advisory
https://contao.org/en/news/contao-3_4_4.html
Vendor Advisory
https://contao.org/en/news/directory-traversal-vulnerability-cve-2015-0269.html
Vendor Advisory
https://contao.org/en/news/contao-3_2_19.html
Vendor Advisory
https://contao.org/en/news/contao-3_4_4.html
Vendor Advisory
https://contao.org/en/news/directory-traversal-vulnerability-cve-2015-0269.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:contao:contao_cms:*:*:*:*:*:*:*:*

Версия до 3.2.18 (включая)

Конфигурация 2

Одно из

cpe:2.3:a:contao:contao_cms:3.4.0:*:*:*:*:*:*:*

cpe:2.3:a:contao:contao_cms:3.4.0:beta1:*:*:*:*:*:*

cpe:2.3:a:contao:contao_cms:3.4.1:*:*:*:*:*:*:*

cpe:2.3:a:contao:contao_cms:3.4.2:*:*:*:*:*:*:*

cpe:2.3:a:contao:contao_cms:3.4.3:*:*:*:*:*:*:*

EPSS

Процентиль: 64%

0.0046

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-4r6g-xhx7-fm36