Contao is an Open Source CMS. In affected versions authenticated users in the back end can list files outside the document root in the file selector widget. Users are advised to update to Contao 4.13.49. There are no known workarounds for this vulnerability.
References
Link | Resource |
---|---|
https://contao.org/en/security-advisories/directory-traversal-in-the-fileselector-widget | Vendor Advisory |
https://github.com/contao/contao/security/advisories/GHSA-4p75-5p53-65m9 | Third Party Advisory |
Configurations
History
25 Sep 2024, 19:22
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:* | |
First Time | Contao contao, Contao | |
References | () https://contao.org/en/security-advisories/directory-traversal-in-the-fileselector-widget - Vendor Advisory | |
References | () https://github.com/contao/contao/security/advisories/GHSA-4p75-5p53-65m9 - Third Party Advisory |
20 Sep 2024, 12:30
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
17 Sep 2024, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-17 20:15
Updated : 2024-09-25 19:22
NVD link : CVE-2024-45604
Mitre link : CVE-2024-45604
CVE.ORG link : CVE-2024-45604
Products Affected
contao
- contao
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')