Security advisories

Here you will find a list of vulnerabilities that have already been found and fixed in Contao. If you think that you have found a security issue in Contao, please report it according to our security policy.

2015

Directory traversal in the back end

by Leo Feyer

Date: 2015-02-12
CVE ID: CVE-2015-0269

Back end users can list files outside their file mounts or the document root. The problem affects all Contao versions and has been fixed in Contao 3.4.4.

Read more …