CVE-2015-0269

MEDIUM

Contao < 3.2.19 and 3.4.0-3.4.3 - Authenticated Path Traversal

Title source: llm
STIX 2.1

Description

Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated "back end" users to view files outside their file mounts or the document root via unspecified vectors.

References (3)

Core 3
Core References
Vendor Advisory x_refsource_confirm
https://contao.org/en/news/contao-3_2_19.html
Vendor Advisory x_refsource_confirm
https://contao.org/en/news/contao-3_4_4.html

Scores

CVSS v3 4.3
EPSS 0.0142
EPSS Percentile 69.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-22
Status published
Products (6)
contao/contao_cms 3.4.0 (2 CPE variants)
contao/contao_cms 3.4.1
contao/contao_cms 3.4.2
contao/contao_cms 3.4.3
contao/contao_cms < 3.2.18
contao/core 3.4.0 - 3.4.4Packagist
Published May 26, 2017
Tracked Since Feb 18, 2026