Description

Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated "back end" users to view files outside their file mounts or the document root via unspecified vectors.

Remediation

References

CVE-2015-0269

Related Vulnerabilities

Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-19626)

WordPress Plugin WP Sudoku Plus Unspecified Vulnerability (1.4)

WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2020-9547)

XOOPS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2006-2516)

WordPress Plugin Video Lessons Manager-Video Lessons LMS for eLearning Site Cross-Site Scripting (3.5.8)

Severity

Medium

Classification

CVE-2015-0269 CWE-22 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities