CVE-2017-10993

{"id": "CVE-2017-10993", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2017-07-21T06:29:00.200", "references": [{"url": "https://contao.org/en/news/contao-3_5_28.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal."}, {"lang": "es", "value": "Contao anterior a versi\u00f3n 3.5.28 y versi\u00f3n 4.x anterior a 4.4.1, permite que los atacantes remotos incluyan y ejecuten archivos PHP locales arbitrarios por medio de un par\u00e1metro creado en una URL, tambi\u00e9n se conoce como Salto de Directorio."}], "lastModified": "2019-10-03T00:03:26.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:contao:contao_cms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "345EFF44-3226-4823-92C5-3E94043A0384", "versionEndIncluding": "3.5.27"}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A36BE117-EB7C-416B-A0C8-FAD70E65C7F5"}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.0.0:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "63498341-5F80-4552-A533-3DA0C398FEA9"}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.0.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D08FA6D9-CFF9-496A-A4E3-35CFBB832802"}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D45C3808-BEDF-403A-A972-630067B29525"}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "590812CA-69C8-433B-B95E-F9419655E950"}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FFE4F7CE-9A04-4A84-9C45-28DC84A386BE"}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C978D3A-B6B3-4BD7-9C49-F5D9C076B498"}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50F00A7E-AE29-40CA-AE6B-D5FEBE483CB8"}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.1.0:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F57CC647-3B81-475D-A4A3-499D223941F8"}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.1.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0473068-D670-41FE-AFCD-0B14E9EC8705"}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD176B3F-51E2-4BC0-9C34-116C2532F2D0"}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5AB7FC43-D899-4AF2-B48B-CA689D8E0E60"}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3856C8EA-96A6-4164-BA6B-C7B2827416C3"}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD7B0B82-B936-4283-BB12-16E4CD1024A6"}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.2.0:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F67D76B5-92C0-4403-9F7C-DB91C0A8E52B"}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.2.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "103492BC-2152-41D6-9A3D-EE95AE5AE8A2"}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89E9C0D4-3DC2-4AB6-BE48-FBAB387FF24A"}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "228151A7-BBC0-413C-9220-05D3F45D148F"}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49A00DDA-346C-476F-832B-D0DA9B8CB926"}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "563EA1E3-ECB2-454B-BC0D-5E7AFE2A1566"}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A33B5AE6-7AD8-4F7A-8E72-21962C601E82"}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5239F9C4-1601-477D-9CB4-C95586BB3F6E"}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.3.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45C8E022-7F37-4BFA-9D28-C083ADE58CBF"}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "479DEA11-6158-476F-AEC6-2BED5AC3FC5C"}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "75BE9E24-F0EA-4D5F-B172-92EBE3FC8F5F"}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4728FDD-09FD-4752-AC10-BEA4BFC3C16C"}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4BBD2BD2-341E-4332-8A78-8973895A8C40"}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.3.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DFA95607-828A-4FBB-818F-D22DBD4A19DC"}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.3.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E145183E-26DD-435B-B060-8E3F17F0EA7C"}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.3.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BCC3036F-A8BA-402F-9F94-E5A8CA880606"}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.3.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "47FE8357-7569-4F12-847B-F615BBB75486"}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.3.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA64EC0D-FACA-4683-84AA-8288BECD376D"}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.3.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1CE3E158-9C34-490E-8858-F887A98AFB9F"}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3759FE91-B5BF-4DAD-B972-FB23C5FE12C0"}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.4.0:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45C095B1-09F3-43EE-9738-8157ED74A5F1"}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.4.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D08445B-DCB8-416A-A0E1-62D9E1E68B0A"}, {"criteria": "cpe:2.3:a:contao:contao_cms:4.4.0:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A176687-80CF-4159-97CA-05B332F5E295"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}