We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Authenticated users in the back end can list files outside the document root in the file manager.
Update to Contao 4.9.40, 4.13.21 or 5.1.4.
None.
https://contao.org/en/security-advisories/directory-traversal-in-the-file-manager
If you have any questions or comments about this advisory, open an issue in contao/contao.
Impact
Authenticated users in the back end can list files outside the document root in the file manager.
Patches
Update to Contao 4.9.40, 4.13.21 or 5.1.4.
Workarounds
None.
References
https://contao.org/en/security-advisories/directory-traversal-in-the-file-manager
For more information
If you have any questions or comments about this advisory, open an issue in contao/contao.