Security advisories
Here you will find a list of vulnerabilities that have already been found and fixed in Contao. If you think that you have found a security issue in Contao, please report it according to our security policy.
Directory traversal in the back end
Date: 2015-02-12
CVE ID: CVE-2015-0269
Description
Arnaud Buchoux with Orange Consulting has discovered a directory traversal vulnerability, which allows logged in back end users to view files outside their file mounts or the document root. It is, however, not possible to edit these files or to view their content.
Affected versions
Contao 3.* up to 3.4.3
Suggested solution
Update to Contao 3.4.4.
