Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal.
CPE | Name | Operator | Version |
---|---|---|---|
contao_cms | eq | 4.3.8 | |
contao_cms | eq | 4.2.1 | |
contao_cms | le | 3.5.27 | |
contao_cms | eq | 4.3.9 | |
contao_cms | eq | 4.1.1 | |
contao_cms | eq | 4.0.0 beta1 | |
contao_cms | eq | 4.3.0 | |
contao_cms | eq | 4.0.4 | |
contao_cms | eq | 4.3.3 | |
contao_cms | eq | 4.2.0 rc1 |