PT-2019-6567 · Typo3 · Typo3

Helmut Hummel

Published

2019-11-04

Updated

2022-04-21

CVE-2010-3663

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions TYPO3 versions 4.1.x through 4.1.13 TYPO3 versions 4.2.x through 4.2.12 TYPO3 versions 4.3.x through 4.3.3 TYPO3 versions 4.4.x through 4.4.0

Description The issue is related to an insecure default value of the fileDenyPattern variable, which could allow remote attackers to execute arbitrary code on the backend.

Recommendations For versions 4.1.x through 4.1.13, update to version 4.1.14 or later. For versions 4.2.x through 4.2.12, update to version 4.2.13 or later. For versions 4.3.x through 4.3.3, update to version 4.3.4 or later. For versions 4.4.x through 4.4.0, update to version 4.4.1 or later.

Fix

RCE

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2010-3663

DSA-2098-1

GHSA-WJPC-GJF7-9938

Affected Products

Typo3

PT-2019-6567 · Typo3 · Typo3

CVE-2010-3663

Weakness Enumeration

Related Identifiers

Affected Products

References · 7