Contao is an Open Source CMS. In affected versions authenticated users in the back end can list files outside the document root in the file selector widget. Users are advised to update to Contao 4.13.49. There are no known workarounds for this vulnerability.
Metrics
Affected Vendors & Products
References
History
Wed, 18 Sep 2024 13:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 17 Sep 2024 20:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Contao is an Open Source CMS. In affected versions authenticated users in the back end can list files outside the document root in the file selector widget. Users are advised to update to Contao 4.13.49. There are no known workarounds for this vulnerability. | |
Title | Directory traversal in the file selector widget in contao/core-bundle | |
Weaknesses | CWE-22 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-09-17T19:56:02.588Z
Updated: 2024-09-18T13:09:48.444Z
Reserved: 2024-09-02T16:00:02.424Z
Link: CVE-2024-45604
Vulnrichment
Updated: 2024-09-18T13:09:42.988Z
NVD
Status : Received
Published: 2024-09-17T20:15:04.893
Modified: 2024-09-17T20:15:04.893
Link: CVE-2024-45604
Redhat
No data.