Description

Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated "back end" users to view files outside their file mounts or the document root via unspecified vectors.

Remediation

References

CVE-2015-0269

Related Vulnerabilities

PHP Numeric Errors Vulnerability (CVE-2016-4345)

Drupal Core 6.x Security Bypass (6.0 - 6.1)

Zope Web Application Server Other Vulnerability (CVE-2010-3198)

Drupal Core 9.0.x Information Disclosure (9.0.0 - 9.0.5)

WordPress Plugin Slimstat Analytics PHP Object Injection (4.7)

Severity

Medium

Classification

CVE-2015-0269 CWE-22 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities