CVE-2017-15363
HIGH EXPLOITED NUCLEILuracast Restler 3.0.1 via TYPO3 Restler 1.7.1 - Local File Inclusion
Title source: nucleiExploitation Summary
CVE-2017-15363 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
Directory traversal vulnerability in public/examples/resources/getsource.php in Luracast Restler through 3.0.0, as used in the restler extension before 1.7.1 for TYPO3, allows remote attackers to read arbitrary files via the file parameter.
Nuclei Templates (1)
Luracast Restler 3.0.1 via TYPO3 Restler 1.7.1 - Local File Inclusion
HIGHby 0x_Akoko
References (2)
Core 2
Core References
Product, Vendor Advisory x_refsource_misc
https://extensions.typo3.org/extension/restler/
Vendor Advisory x_refsource_misc
https://extensions.typo3.org/extension/download/restler/1.7.1/zip/
Scores
CVSS v3
7.5
EPSS
0.1365
EPSS Percentile
96.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
VulnCheck KEV
2023-11-26
CWE
CWE-22
Status
published
Products (4)
aoe/restler
0 - 1.7.1Packagist
luracast/restler
< 1.7.1
luracast/restler
< 3.0.0
luracast/restler
0 - 3.1.0Packagist
Published
Oct 15, 2017
Tracked Since
Feb 18, 2026