Medium severity4.3NVD Advisory· Published May 26, 2017· Updated Jun 17, 2026
CVE-2015-0269
CVE-2015-0269
Description
Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated "back end" users to view files outside their file mounts or the document root via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
contao/corePackagist | >= 3.4.0, < 3.4.4 | 3.4.4 |
contao/corePackagist | >= 2.0.0, < 3.2.19 | 3.2.19 |
Affected products
7cpe:2.3:a:contao:contao_cms:*:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:contao:contao_cms:*:*:*:*:*:*:*:*range: <=3.2.18
- cpe:2.3:a:contao:contao_cms:3.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:contao:contao_cms:3.4.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:contao:contao_cms:3.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:contao:contao_cms:3.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:contao:contao_cms:3.4.3:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
7- contao.org/en/news/contao-3_2_19.htmlnvdVendor AdvisoryWEB
- contao.org/en/news/contao-3_4_4.htmlnvdVendor AdvisoryWEB
- contao.org/en/news/directory-traversal-vulnerability-cve-2015-0269.htmlnvdVendor AdvisoryWEB
- github.com/advisories/GHSA-4r6g-xhx7-fm36ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2015-0269ghsaADVISORY
- github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2015-0269.yamlghsaWEB
- github.com/contao/core/commit/0229e839b4849e402256b972eb62f89f2c29674dghsaWEB
News mentions
0No linked articles in our index yet.