CVE-2015-0269
MEDIUM4.3EPSS 0.46%Contao Core directory traversal vulnerability
Published: 5/17/2022Modified: 4/25/2024
Also known as:GHSA-4r6g-xhx7-fm36
Description
Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated backend users to view files outside their file mounts or the document root via unspecified vectors.
Affected packages (1)
- Packagist/contao/core>= 3.4.0, < 3.4.4
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM4.3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
References (7)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2015-0269
- PATCHhttps://github.com/contao/core
- WEBhttps://contao.org/en/news/contao-3_2_19.html
- WEBhttps://contao.org/en/news/contao-3_4_4.html
- WEBhttps://contao.org/en/news/directory-traversal-vulnerability-cve-2015-0269.html
- WEBhttps://github.com/contao/core/commit/0229e839b4849e402256b972eb62f89f2c29674d
- WEBhttps://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2015-0269.yaml