CVE-2015-0269
MEDIUMContao < 3.2.19 and 3.4.0-3.4.3 - Authenticated Path Traversal
Title source: llmDescription
Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated "back end" users to view files outside their file mounts or the document root via unspecified vectors.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
https://contao.org/en/news/contao-3_2_19.html
Vendor Advisory x_refsource_confirm
https://contao.org/en/news/directory-traversal-vulnerability-cve-2015-0269.html
Vendor Advisory x_refsource_confirm
https://contao.org/en/news/contao-3_4_4.html
Scores
CVSS v3
4.3
EPSS
0.0142
EPSS Percentile
69.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (6)
contao/contao_cms
3.4.0 (2 CPE variants)
contao/contao_cms
3.4.1
contao/contao_cms
3.4.2
contao/contao_cms
3.4.3
contao/contao_cms
< 3.2.18
contao/core
3.4.0 - 3.4.4Packagist
Published
May 26, 2017
Tracked Since
Feb 18, 2026