Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated backend users to view files outside their file mounts or the document root via unspecified vectors.
CPE | Name | Operator | Version |
---|---|---|---|
contao/core | eq | 3.0.RC2 | |
contao/core | eq | 2.6.8 | |
contao/core | eq | 2.6.3 | |
contao/core | eq | 2.7.6 | |
contao/core | eq | 3.2.2 | |
contao/core | eq | 2.8.0 | |
contao/core | eq | 2.10.2 | |
contao/core | eq | 2.7.5 | |
contao/core | eq | 2.11.RC1 | |
contao/core | eq | 3.2.17 |
contao.org/en/news/contao-3_2_19.html
contao.org/en/news/contao-3_4_4.html
contao.org/en/news/directory-traversal-vulnerability-cve-2015-0269.html
github.com/contao/core
github.com/contao/core/commit/0229e839b4849e402256b972eb62f89f2c29674d
github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2015-0269.yaml
nvd.nist.gov/vuln/detail/CVE-2015-0269