CVE-2015-0269

MEDIUM

Contao Cms < 3.2.18 - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated "back end" users to view files outside their file mounts or the document root via unspecified vectors.

References (3)

[Vendor Advisory] https://contao.org/en/news/contao-3_2_19.html

[Vendor Advisory] https://contao.org/en/news/contao-3_4_4.html

[Vendor Advisory] https://contao.org/en/news/directory-traversal-vulnerability-cve-2015-0269.html

Scores

CVSS v3 4.3

EPSS 0.0046

EPSS Percentile 63.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-22

Status published

Products (8)

contao/contao_cms < 3.2.18

contao/contao_cms

n/a/n/a

contao/core < 3.4.4Packagist

Published May 26, 2017

Tracked Since Feb 18, 2026