PKSA-bm99-nmx5-wsq1 Security Advisory
-
[HIGH] A logged in back end user can include arbitrary existing PHP files by manipulating an URL parameter
PKSA-bm99-nmx5-wsq1 CVE-2017-10993 GHSA-x5g4-crxq-qxjx
Affected package: contao/core-bundle
Affected version: >=4.0.0,<4.4.1
Reported by:
FriendsOfPHP/security-advisories, GitHub