PT-2024-31703 · Contao · Contao

Usdresponsibledisclosure

Published: 2024-09-17 · Updated: 2024-09-25 · CVE-2024-45604

CVSS v4.0: 5.3 (Medium)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Contao versions prior to 4.13.49
Description: The issue allows authenticated users in the back end to list files outside the document root in the file selector widget. There are no known workarounds for this issue.
Recommendations: Update to Contao 4.13.49. As a temporary workaround, consider restricting access to the file selector widget until the update is applied.

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2024-45604
GHSA-4P75-5P53-65M9

Affected Products

Contao