Contao » Contao Cms : Security Vulnerabilities, CVEs, Published In 2017 (Directory traversal)
Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal.
Max CVSS
8.8
EPSS Score
0.32%
Published
2017-07-21
Updated
2019-10-03
Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated "back end" users to view files outside their file mounts or the document root via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.16%
Published
2017-05-26
Updated
2017-06-08
2 vulnerabilities found