3 matches found
CVE-2017-10993
Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal...
CVE-2017-10993
CVE-2017-10993 covers a directory traversal in Contao before 3.5.28 and 4.x before 4.4.1. A remote attacker can include and execute arbitrary local PHP files by manipulating a crafted URL parameter. This vulnerability enables remote code execution on affected Contao installations. The issue is do...
PHP file inclusion in the back end
Date: 2017-07-12
CVE ID: CVE-2017-10993
Description: A logged-in back end user can include arbitrary PHP files by manipulating a URL parameter. Since Contao does not allow uploading PHP files in the file manager, the attack is limited to the existing PHP files on the server. Affected versions...