Contao Core directory traversal vulnerability

🗓️ 13 May 2022 01:42:03Reported by GitHub Advisory DatabaseType

Contao Core directory traversal vulnerability. Logged in user can include arbitrary PHP files by manipulating URL parameter. Attack limited to existing PHP files

Reporter	Title	Published	Views	Family All 12
CNVD	Contao Directory Traversal Vulnerability (CNVD-2017-25541)	25 Jul 201700:00	–	cnvd
Contao	PHP file inclusion in the back end	12 Jul 201700:00	–	contao
CVE	CVE-2017-10993	21 Jul 201706:00	–	cve
Cvelist	CVE-2017-10993	21 Jul 201706:00	–	cvelist
EUVD	EUVD-2022-5717	3 Oct 202520:07	–	euvd
Friends Of PHP	A logged in back end user can include arbitrary existing PHP files by manipulating an URL parameter	12 Jul 201709:09	–	friendsofphp
Friends Of PHP	A logged in back end user can include arbitrary existing PHP files by manipulating an URL parameter	12 Jul 201709:09	–	friendsofphp
Friends Of PHP	A logged in back end user can include arbitrary existing PHP files by manipulating an URL parameter	12 Jul 201707:10	–	friendsofphp
NVD	CVE-2017-10993	21 Jul 201706:29	–	nvd
OSV	GHSA-X5G4-CRXQ-QXJX Contao Core directory traversal vulnerability	13 May 202201:42	–	osv

Vulners

Node

contao coreRange3.0.0–3.5.28composer

contao core-bundleRange4.0.0–4.4.1composer

contao contaoRange4.0.0–4.4.1composer

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2017-10993
contao	www.contao.org/en/news/contao-3_5_28.html
contao	www.contao.org/en/news/contao-4_4_1.html
github	www.github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2017-10993.yaml
github	www.github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2017-10993.yaml
github	www.github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2017-10993.yaml
github	www.github.com/advisories/GHSA-x5g4-crxq-qxjx

25 Apr 2024 23:17Current

7High risk

Vulners AI Score7

CVSS 26.5

CVSS 38.8

EPSS0.00825

CWE-22