CVE-2017-10993: Path Traversal

July 21, 2017 (updated October 3, 2019)

Contao allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal.

References

contao.org/en/news/contao-3_5_28.html
nvd.nist.gov/vuln/detail/CVE-2017-10993

Detect and mitigate CVE-2017-10993 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →