0.003 Low
EPSS
Percentile
70.5%
contao/core-bundle is vulnerable to directory traversal attacks. A logged in, back-end user can include and exclude local PHP files through URL manipulation.
contao.org/en/news/contao-3_5_28.html