First published: Tue Apr 25 2023
Directory traversal vulnerability in the file manager
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
composer/contao/contao | >=4.9.0 <4.9.40, >=4.13.0 <4.13.21, >=5.1.0 <5.1.4 | |
composer/contao/core-bundle | >=4.9.0 <4.9.40, >=4.13.0 <4.13.21, >=5.1.0 <5.1.4 | |
Contao Contao | >=2.0.0 <4.9.40 | |
Contao Contao | >=4.10.0 <4.13.21 | |
Contao Contao | >=5.0.0 <5.1.4 | |
CVE-2023-29200 is a directory traversal vulnerability in the file manager of Contao, an open source content management system.
The severity of CVE-2023-29200 is medium with a CVSS score of 6.5.
CVE-2023-29200 allows logged-in users to list arbitrary system files in the file manager by manipulating the Ajax request.
To fix CVE-2023-29200, users should update to Contao version 4.9.40, 4.13.21, or 5.1.4.
You can find more information about CVE-2023-29200 and the security advisories for Contao in the provided references.