CVE-2013-4250
EPSS 0.39%
TYPO3 doesn't properly check file extensions
Published: 5/17/2022
Modified: 4/14/2025
Also known as: GHSA-54jj-pxx2-pv8h
Description
The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file extensions, which allows remote authenticated editors to execute arbitrary PHP code by uploading a .php file.
Affected packages (1)
- Packagist/typo3/cms: >= 6.0.0, < 6.0.8
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |