Description
Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal.
Remediation
References
Related Vulnerabilities
ownCloud Other Vulnerability (CVE-2022-25338)
MySQL CVE-2020-2892 Vulnerability (CVE-2020-2892)
MySQL CVE-2013-2395 Vulnerability (CVE-2013-2395)
Oracle Database Server CVE-2015-0455 Vulnerability (CVE-2015-0455)
OpenSSL Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2023-5678)