PT-2024-40119 · Typo3 · Typo3

Published: 2024-06-05 · Updated: 2024-06-05

CVSS v3.1: 9.9 (Critical)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: TYPO3 (affected versions not specified)
Description: A security issue exists because the fileDenyPattern lacks one file extension, so backend users can upload *.pht files, which certain web server setups execute as PHP. The root cause is an incomplete fileDenyPattern; note that this setting may also have been overridden in the TYPO3 Install Tool, so an instance's effective pattern should be checked rather than assumed.
Recommendations: For all affected versions, update the fileDenyPattern to the new default, \.(php[3-7]?|phpsh|phtml|pht)(\..*)?$|^\.htaccess$ (a PCRE pattern; the backslashes are part of it). This prevents the upload of files that could be executed on the server, including double-extension names such as name.pht.txt.
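As an added illustration, not code from TYPO3 or from this advisory, the deny pattern applied to sample filenames to show what the added pht alternative changes. The "old" pattern is constructed here by removing pht from the new default, and case-insensitive matching is an assumption about how the pattern is applied.

```python
import re

# New default fileDenyPattern quoted in the advisory (PCRE syntax; works unchanged in Python's re).
NEW_DENY_PATTERN = r"\.(php[3-7]?|phpsh|phtml|pht)(\..*)?$|^\.htaccess$"

# Constructed for contrast: the same pattern without "pht", i.e. the incomplete
# pattern the advisory describes. Not copied from TYPO3 sources.
OLD_DENY_PATTERN = r"\.(php[3-7]?|phpsh|phtml)(\..*)?$|^\.htaccess$"


def is_denied(filename: str, pattern: str = NEW_DENY_PATTERN) -> bool:
    """Return True if the base filename matches the deny pattern.

    re.search (not re.match) is used because the pattern anchors itself with $
    and ^ where it needs to. Case-insensitive matching is an assumption.
    """
    return re.search(pattern, filename, re.IGNORECASE) is not None


def audit_deny_pattern(pattern: str, required=("php", "php5", "phtml", "pht")) -> list:
    """Return the extensions in `required` that `pattern` fails to block.

    Useful for checking a value overridden in the Install Tool against the
    new default: a non-empty result means the pattern is still incomplete.
    """
    return [ext for ext in required if not is_denied(f"probe.{ext}", pattern)]


if __name__ == "__main__":
    # Constructed sample filenames; no files are touched.
    for name in ("photo.jpg", "shell.pht", "shell.pht.txt", "SHELL.PHT", ".htaccess"):
        print(f"{name:16} old={is_denied(name, OLD_DENY_PATTERN)!s:5} new={is_denied(name)}")
    print("old pattern misses:", audit_deny_pattern(OLD_DENY_PATTERN))
    print("new pattern misses:", audit_deny_pattern(NEW_DENY_PATTERN))
```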

Fix

Code Injection


Weakness Enumeration

Related Identifiers

GHSA-67WG-6J7R-MQH8

Affected Products

Typo3