contao/core Security Advisories for 2.11.10 (3)
-
[MEDIUM] A directory traversal vulnerability allows back end users to view files outside their document root
PKSA-mygf-dtyk-5jmz CVE-2015-0269 GHSA-4r6g-xhx7-fm36
Affected version: >=2.0.0,<3.0.0|>=3.0.0,<3.4.4
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[CRITICAL] Insufficient input validation allows for code injection and remote execution
PKSA-r8p4-983n-brfy GHSA-wxxw-5gq6-j2g5
Affected version: >=2.0.0,<2.11.17|>=3.0.0,<3.2.9
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[HIGH] PHP object injection vulnerability allows for arbitrary code execution
PKSA-kg5m-pjr6-ystg GHSA-wq43-8r5p-w3mc
Affected version: >=2.0.0,<2.11.16|>=3.0.0,<3.2.7
Reported by:
FriendsOfPHP/security-advisories, GitHub