PT-2019-6567 · Typo3 · Typo3

Helmut Hummel

Publicado

2019-11-04

Atualizado

2022-04-21

CVE-2010-3663

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions TYPO3 versions 4.1.x through 4.1.13 TYPO3 versions 4.2.x through 4.2.12 TYPO3 versions 4.3.x through 4.3.3 TYPO3 versions 4.4.x through 4.4.0

Description The issue is related to an insecure default value of the fileDenyPattern variable, which could allow remote attackers to execute arbitrary code on the backend.

Recommendations For versions 4.1.x through 4.1.13, update to version 4.1.14 or later. For versions 4.2.x through 4.2.12, update to version 4.2.13 or later. For versions 4.3.x through 4.3.3, update to version 4.3.4 or later. For versions 4.4.x through 4.4.0, update to version 4.4.1 or later.

Correção

RCE

Unrestricted File Upload

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-434

Identificadores relacionados

CVE-2010-3663

DSA-2098-1

GHSA-WJPC-GJF7-9938

Produtos afetados

Typo3

PT-2019-6567 · Typo3 · Typo3

CVE-2010-3663

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7