CVE-2009-0258

Name of the Vulnerable Software and Affected Versions TYPO3 versions 4.0.0 through 4.0.9 TYPO3 versions 4.1.0 through 4.1.7 TYPO3 versions 4.2.0 through 4.2.3

Description The issue allows remote attackers to execute arbitrary commands via a crafted filename containing shell metacharacters, which is not properly handled by the command-line indexer. Multiple vulnerabilities in the TYPO3 package may lead to a breach of confidentiality, integrity, and availability of protected information, and can be exploited remotely.

Recommendations For versions 4.0.0 through 4.0.9, update to a version outside of this range to mitigate the risk. For versions 4.1.0 through 4.1.7, update to a version outside of this range to mitigate the risk. For versions 4.2.0 through 4.2.3, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting access to the command-line indexer to minimize the risk of exploitation.