High severity7.5NVD Advisory· Published Oct 15, 2017· Updated May 13, 2026

CVE-2017-15363

Description

Directory traversal vulnerability in public/examples/resources/getsource.php in Luracast Restler through 3.0.0, as used in the restler extension before 1.7.1 for TYPO3, allows remote attackers to read arbitrary files via the file parameter.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
aoe/restlerPackagist	< 1.7.1	1.7.1
luracast/restlerPackagist	< 3.1.0	3.1.0

Affected products

Luracast/Restler2 versions
cpe:2.3:a:luracast:restler:*:*:*:*:*:typo3:*:*+ 1 more
- cpe:2.3:a:luracast:restler:*:*:*:*:*:typo3:*:*range: <1.7.1
- cpe:2.3:a:luracast:restler:*:*:*:*:*:-:*:*range: <3.0.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

extensions.typo3.org/extension/download/restler/1.7.1/zip/nvdVendor Advisory
extensions.typo3.org/extension/restler/nvdProductVendor Advisory
github.com/advisories/GHSA-rvmg-xc29-rvxfghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2017-15363ghsaADVISORY
extensions.typo3.org/extension/restlerghsaWEB
github.com/AOEpeople/TYPO3_Restler/releases/tag/1.7.1ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.049
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000