Security advisories

Here you will find a list of vulnerabilities that have already been found and fixed in Contao.

Directory traversal in the back end

Date: 2015-02-12
CVE ID: CVE-2015-0269

Description

Arnaud Buchoux with Orange Consulting has discovered a directory traversal vulnerability that allows logged-in back end users to view files outside their file mounts or the document root. It is, however, not possible to edit these files or to view their content.

Affected versions

Contao 3.* up to 3.4.3

Suggested solution

Update to Contao 3.4.4.

Security policy

If you think that you have found a security issue in Contao, please report it according to our security policy.