Description Craft CMS before 2.6.2976 does not properly restrict viewing the contents of files in the craft/app/ folder. Remediation References CVE-2017-8383 Related Vulnerabilities WordPress Plugin NextGEN Smooth Gallery 'galleryID' Parameter SQL Injection (1.2) WordPress Plugin MaxiBlocks: 2200+ Patterns, 190 Pages, 14.2K Icons & 100 Styles Arbitrary File Deletion (1.9.2) Perl Numeric Errors Vulnerability (CVE-2010-1158) Joomla Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-17858) Internet Information Services Other Vulnerability (CVE-2001-0709) Severity Medium Classification CVE-2017-8383 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Tags Missing Update Known Vulnerabilities