VIR Vulnerability Intelligence Relay

CVE-2017-10993

high
Published 2017-07-21 · Modified 2024-04-25
CVSS v3
8.8
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v2
6.5
VIR risk
8.8

Description

Contao Core directory traversal vulnerability

Predictions

Exploit likelihood
92%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://contao.org/en/news/contao-3_5_28.html

Package impact
EcosystemPackageVulnerableFixed
php Packagistcontao/contao>=4.0.0,<4.4.14.4.1
php Packagistcontao/core-bundle>=4.0.0,<4.4.14.4.1
php Packagistcontao/core>=3.0.0,<3.5.283.5.28

Application impact
VendorProductVersionsFixed
contaocontao_cms{"endIncluding":"3.5.27"}
contaocontao_cms4.0.0
contaocontao_cms4.0.1
contaocontao_cms4.0.2
contaocontao_cms4.0.3
contaocontao_cms4.0.4
contaocontao_cms4.1.0
contaocontao_cms4.1.1
contaocontao_cms4.1.2
contaocontao_cms4.1.3
contaocontao_cms4.2.0
contaocontao_cms4.2.1
contaocontao_cms4.2.2
contaocontao_cms4.2.3
contaocontao_cms4.2.4
contaocontao_cms4.2.5
contaocontao_cms4.3.0
contaocontao_cms4.3.1
contaocontao_cms4.3.2
contaocontao_cms4.3.3
contaocontao_cms4.3.5
contaocontao_cms4.3.6
contaocontao_cms4.3.7
contaocontao_cms4.3.8
contaocontao_cms4.3.9
contaocontao_cms4.3.10
contaocontao_cms4.3.11
contaocontao_cms4.4.0

References

CWEs

CWE-22

Verify integrity in audit chain (admin only). AS-IS.