Description
Contao is an Open Source CMS. In affected versions authenticated users in the back end can list files outside the document root in the file selector widget. Users are advised to update to Contao 4.13.49. There are no known workarounds for this vulnerability.
Remediation
References
Related Vulnerabilities
Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2016-3690)
WordPress 4.8.x Multiple Vulnerabilities (4.8 - 4.8.10)
WordPress Plugin WP All Backup Unspecified Vulnerability (1.5)
WordPress Plugin ProfileGrid-User Profiles, Groups and Communities Unspecified Vulnerability (2.6.4)
Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-4790)