CVE-2015-4607

Name of the Vulnerable Software and Affected Versions TYPO3 Frontend User Upload (feupload) extension version 0.5.0 and earlier

Description The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension using a frontend form, then accessing it via a direct request to the file in the fileadmin folder.

Recommendations For versions 0.5.0 and earlier, consider disabling the file upload functionality in the Frontend User Upload (feupload) extension until a patch is available. Restrict access to the fileadmin folder to minimize the risk of exploitation. Avoid using executable file extensions in uploads to prevent arbitrary code execution.