CVE-2013-4320

EPSS 0.13%

TYPO3 Improper Access Management in the File Abstraction Layer

發布日:2022/5/17修改日:2023/11/8

描述

The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.9 and 6.1.x before 6.1.4 does not properly check permissions, which allows remote authenticated users to create or read arbitrary files via a crafted URL.

受影響套件(1)

Packagist/typo3/cms-core>= 6.0, < 6.0.9

參考連結(3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2013-4320
PATCHhttps://github.com/TYPO3-CMS/core
WEBhttps://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-003