CVE-2015-0269 – contao/core

Package

Manager: composer
Name: contao/core
Vulnerable Version: >=3.4.0 <3.4.4 || >=2.0.0 <3.2.19

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.0046 pctl0.63213

Details

Contao Core directory traversal vulnerability Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated backend users to view files outside their file mounts or the document root via unspecified vectors.

Metadata

Created: 2022-05-17T02:42:22Z
Modified: 2024-04-25T23:15:43Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-4r6g-xhx7-fm36/GHSA-4r6g-xhx7-fm36.json
CWE IDs: ["CWE-22"]
Alternative ID: GHSA-4r6g-xhx7-fm36
Finding: F063
Auto approve: 1