Description Craft CMS before 2.6.2976 does not properly restrict viewing the contents of files in the craft/app/ folder. Remediation References CVE-2017-8383 Related Vulnerabilities Drupal Improper Authentication Vulnerability (CVE-2010-3685) ownCloud Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-1893) WordPress Plugin WP-Live Chat by 3CX Cross-Site Scripting (4.0.2) PHP Other Vulnerability (CVE-2003-0166) Grafana Improper Authentication Vulnerability (CVE-2021-28148) Severity Medium Classification CVE-2017-8383 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Tags Missing Update Known Vulnerabilities