Description
Contao versions before 3.5.28, and 4.x versions before 4.4.1, allow remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal.
Remediation
References
Related Vulnerabilities
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-16738)
WordPress Plugin WP Customer Reviews Unspecified Vulnerability (3.0.7)
Apache Tomcat Deserialization of Untrusted Data Vulnerability (CVE-2021-25329)
Joomla CVE-2021-23128 Vulnerability (CVE-2021-23128)
WordPress Plugin Access Demo Importer Arbitrary File Upload (1.0.6)