0.001 Low
EPSS
Percentile
45.7%
contao/contao and contao/core-bundle are vulnerable to Directory Traversal. The vulnerability exists in DC_Folder.php which allows an attacker to list files outside the document root in the file manager.
DC_Folder.php
contao.org/en/security-advisories/directory-traversal-in-the-file-manager
github.com/contao/contao/commit/6f3e705f4ff23f4419563d09d8485793569f31df
github.com/contao/contao/security/advisories/GHSA-fp7q-xhhw-6rj3
github.com/contao/core-bundle/commit/4c45cb52d4a3f3a4982c6d7d4c389176167999b3