CVE-2015-0269
MEDIUM4.3EPSS 0.46%Contao Core directory traversal vulnerability
發布日:2022/5/17修改日:2024/4/25
描述
Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated backend users to view files outside their file mounts or the document root via unspecified vectors.
受影響套件(1)
- Packagist/contao/core>= 3.4.0, < 3.4.4
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM4.3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
參考連結(7)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2015-0269
- PATCHhttps://github.com/contao/core
- WEBhttps://contao.org/en/news/contao-3_2_19.html
- WEBhttps://contao.org/en/news/contao-3_4_4.html
- WEBhttps://contao.org/en/news/directory-traversal-vulnerability-cve-2015-0269.html
- WEBhttps://github.com/contao/core/commit/0229e839b4849e402256b972eb62f89f2c29674d
- WEBhttps://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2015-0269.yaml