CVE-2013-4250

EPSS 0.39%

TYPO3 doesn't properly check file extensions

發布日:2022/5/17修改日:2025/4/14

描述

The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file extensions, which allow remote authenticated editors to execute arbitrary PHP code by uploading a .php file.

受影響套件(1)

Packagist/typo3/cms>= 6.0.0, < 6.0.8

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

參考連結(3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2013-4250
PATCHhttps://github.com/TYPO3/typo3
WEBhttps://typo3.org/security/advisory/typo3-core-sa-2013-002