CVE-2017-15363
published 2017-10-15

Priority: P2, 76, high
CVSS 3.1: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Tags: ITW, EXPLOIT, VulnCheck KEV (exploited in the wild)
EPSS: 13.65% (96.0th percentile)
Directory traversal vulnerability in public/examples/resources/getsource.php in Luracast Restler through 3.0.0, as used in the restler extension before 1.7.1 for TYPO3, allows remote attackers to read arbitrary files via the file parameter.

Affected (4 ranges)

Vendor    Product   Version range     Fixed in
aoe       restler   >= 0 < 1.7.1      1.7.1
luracast  restler   < 1.7.1           1.7.1
luracast  restler   < 3.0.0           3.0.0
luracast  restler   >= 0 < 3.1.0      3.1.0

Detection & IOCs (extracted from sources)

path: /typo3conf/ext/restler/vendor/luracast/restler/public/examples/resources/getsource.php
url: {{BaseURL}}/typo3conf/ext/restler/vendor/luracast/restler/public/examples/resources/getsource.php?file=../../../../../../../LocalConfiguration.php
path: public/examples/resources/getsource.php
  • Look for GET requests to getsource.php with a 'file' parameter containing directory traversal sequences (e.g., '../') that target LocalConfiguration.php or other sensitive files.
  • A successful exploitation response (HTTP 200) contains PHP config keywords in the body, such as '<?php', "'host'", "'database'", "'extConf'" and "'debug'"; together these indicate disclosure of the TYPO3 LocalConfiguration.php file.
  • The vulnerable script is only present in TYPO3 installations using the restler extension before version 1.7.1; the path is specific to the TYPO3 extension layout under typo3conf/ext/restler/.
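As an added defender-side example (not part of the CVE record or the restler project), the following Python snippet applies the first detection bullet to web-server access logs: it flags GET requests to getsource.php whose decoded 'file' parameter contains a parent-directory sequence, handling single and double URL-encoding. The log lines, timestamps and IP addresses are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (Apache combined format); not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [15/Oct/2017:10:01:02 +0000] "GET /typo3conf/ext/restler/vendor/luracast/restler/public/examples/resources/getsource.php?file=../../../../../../../LocalConfiguration.php HTTP/1.1" 200 4312 "-" "curl/7.55.1"
203.0.113.8 - - [15/Oct/2017:10:01:05 +0000] "GET /typo3conf/ext/restler/vendor/luracast/restler/public/examples/resources/getsource.php?file=%2e%2e%2f%2e%2e%2fLocalConfiguration.php HTTP/1.1" 200 4312 "-" "python-requests/2.18"
198.51.100.3 - - [15/Oct/2017:10:02:00 +0000] "GET /typo3conf/ext/restler/vendor/luracast/restler/public/examples/resources/getsource.php?file=examples/_001_helloworld/Say.php HTTP/1.1" 200 812 "-" "Mozilla/5.0"
198.51.100.4 - - [15/Oct/2017:10:03:00 +0000] "GET /index.php?id=1 HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

# Minimal parser for the fields we need: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) '
)

# Path suffix named in the CVE description; matched regardless of the TYPO3 install prefix.
VULN_SUFFIX = "/public/examples/resources/getsource.php"


def has_traversal(value: str) -> bool:
    """True if the (possibly double-encoded) parameter holds a '..' path segment."""
    decoded = unquote(unquote(value)).replace("\\", "/")
    return ".." in decoded.split("/")


def scan_access_log(text: str) -> list[dict]:
    """Return one finding per request to getsource.php whose 'file' parameter traverses."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a recognisable log line
        parts = urlsplit(m["target"])
        if not parts.path.lower().endswith(VULN_SUFFIX):
            continue
        # parse_qs decodes once; has_traversal decodes again for double-encoded input.
        for value in parse_qs(parts.query, keep_blank_values=True).get("file", []):
            if has_traversal(value):
                findings.append({
                    "ip": m["ip"],
                    "ts": m["ts"],
                    "status": int(m["status"]),  # 200 alongside config keywords = likely disclosure
                    "file": unquote(unquote(value)),
                })
    return findings


if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} status={f['status']} file={f['file']}")
```

A legitimate request for a bundled example file (third line) is not flagged, while both the plain and the percent-encoded traversal requests are.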

CVSS provenance

nvd, v3.1: 7.5 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd, v2.0: 5.0 MEDIUM, AV:N/AC:L/Au:N/C:P/I:N/A:N
vulncheck: 7.5 HIGH