{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-07-21T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-21T05:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://contao.org/en/news/contao-3_5_28.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-10993", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://contao.org/en/news/contao-3_5_28.html", "refsource": "CONFIRM", "url": "https://contao.org/en/news/contao-3_5_28.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T17:57:57.413Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://contao.org/en/news/contao-3_5_28.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-10993", "datePublished": "2017-07-21T06:00:00.000Z", "dateReserved": "2017-07-07T00:00:00.000Z", "dateUpdated": "2024-08-05T17:57:57.413Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:contao:contao_cms:*:*:*:*:*:*:*:*", "matchCriteriaId": "345EFF44-3226-4823-92C5-3E94043A0384", "versionEndIncluding": "3.5.27", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "A36BE117-EB7C-416B-A0C8-FAD70E65C7F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "63498341-5F80-4552-A533-3DA0C398FEA9", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "D08FA6D9-CFF9-496A-A4E3-35CFBB832802", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D45C3808-BEDF-403A-A972-630067B29525", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "590812CA-69C8-433B-B95E-F9419655E950", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FFE4F7CE-9A04-4A84-9C45-28DC84A386BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3C978D3A-B6B3-4BD7-9C49-F5D9C076B498", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "50F00A7E-AE29-40CA-AE6B-D5FEBE483CB8", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.1.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "F57CC647-3B81-475D-A4A3-499D223941F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "D0473068-D670-41FE-AFCD-0B14E9EC8705", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "BD176B3F-51E2-4BC0-9C34-116C2532F2D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "5AB7FC43-D899-4AF2-B48B-CA689D8E0E60", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "3856C8EA-96A6-4164-BA6B-C7B2827416C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "AD7B0B82-B936-4283-BB12-16E4CD1024A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.2.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "F67D76B5-92C0-4403-9F7C-DB91C0A8E52B", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "103492BC-2152-41D6-9A3D-EE95AE5AE8A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "89E9C0D4-3DC2-4AB6-BE48-FBAB387FF24A", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "228151A7-BBC0-413C-9220-05D3F45D148F", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "49A00DDA-346C-476F-832B-D0DA9B8CB926", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "563EA1E3-ECB2-454B-BC0D-5E7AFE2A1566", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "A33B5AE6-7AD8-4F7A-8E72-21962C601E82", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "5239F9C4-1601-477D-9CB4-C95586BB3F6E", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.3.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "45C8E022-7F37-4BFA-9D28-C083ADE58CBF", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "479DEA11-6158-476F-AEC6-2BED5AC3FC5C", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "75BE9E24-F0EA-4D5F-B172-92EBE3FC8F5F", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A4728FDD-09FD-4752-AC10-BEA4BFC3C16C", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "4BBD2BD2-341E-4332-8A78-8973895A8C40", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "DFA95607-828A-4FBB-818F-D22DBD4A19DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "E145183E-26DD-435B-B060-8E3F17F0EA7C", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "BCC3036F-A8BA-402F-9F94-E5A8CA880606", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "47FE8357-7569-4F12-847B-F615BBB75486", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "AA64EC0D-FACA-4683-84AA-8288BECD376D", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "1CE3E158-9C34-490E-8858-F887A98AFB9F", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "3759FE91-B5BF-4DAD-B972-FB23C5FE12C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.4.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "45C095B1-09F3-43EE-9738-8157ED74A5F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.4.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "0D08445B-DCB8-416A-A0E1-62D9E1E68B0A", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.4.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "1A176687-80CF-4159-97CA-05B332F5E295", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal."}, {"lang": "es", "value": "Contao anterior a versi\u00f3n 3.5.28 y versi\u00f3n 4.x anterior a 4.4.1, permite que los atacantes remotos incluyan y ejecuten archivos PHP locales arbitrarios por medio de un par\u00e1metro creado en una URL, tambi\u00e9n se conoce como Salto de Directorio."}], "id": "CVE-2017-10993", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-07-21T06:29:00.200", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://contao.org/en/news/contao-3_5_28.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://contao.org/en/news/contao-3_5_28.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}