CVE-2010-3663

HIGH8.8EPSS 3.0%

TYPO3 Arbitrary Code Execution vulnerability on the backend

Published: 4/21/2022Modified: 2/6/2024

Description

TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend.

Affected packages (1)

Packagist/typo3/cms-backendfrom 0, < 4.1.14

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References (5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2010-3663
PATCHhttps://github.com/TYPO3-CMS/backend
WEBhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719
WEBhttps://security-tracker.debian.org/tracker/CVE-2010-3663
WEBhttps://typo3.org/security/advisory/typo3-sa-2010-012/#Arbitrary_Code_Execution