CVE-2024-45604

Published Sep 17, 2024

Last updated 2 months ago

CVSS medium 4.3

Overview

Description: Contao is an Open Source CMS. In affected versions authenticated users in the back end can list files outside the document root in the file selector widget. Users are advised to update to Contao 4.13.49. There are no known workarounds for this vulnerability.
Source: security-advisories@github.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 4.3
Impact score: 1.4
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Severity: MEDIUM

Weaknesses

security-advisories@github.com: CWE-22

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E47DC0CF-1FA6-4AAC-88A6-A9616D017E2E",
            "versionEndExcluding": "4.13.49"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References