CVE-2013-4320

EPSS 0.13%

TYPO3 Improper Access Management in the File Abstraction Layer

Published: 5/17/2022Modified: 11/8/2023

Description

The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.9 and 6.1.x before 6.1.4 does not properly check permissions, which allows remote authenticated users to create or read arbitrary files via a crafted URL.

Affected packages (1)

Packagist/typo3/cms-core>= 6.0, < 6.0.9

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2013-4320
PATCHhttps://github.com/TYPO3-CMS/core
WEBhttps://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-003