PKSA-rsrx-gn7x-r7yr Security Advisory
-
[HIGH] A logged in back end user can include arbitrary existing PHP files by manipulating an URL parameter
PKSA-rsrx-gn7x-r7yr CVE-2017-10993 GHSA-x5g4-crxq-qxjx
Affected package: contao/core
Affected version: >=3.0.0,<3.5.28
Reported by:
FriendsOfPHP/security-advisories, GitHub