Name of the Vulnerable Software and Affected Versions: TYPO3 (affected versions not specified)

Description: The issue arises from Phar files, which can act as self-extracting archives, leading to the execution of source code when invoked. Phar files can be disguised with various file extensions, allowing them to be uploaded and persisted to a TYPO3 installation without being denied. A missing sanitization of user input enables these Phar files to be invoked by manipulated URLs in TYPO3 backend forms. A valid backend user account is required to exploit this issue. While the attack vector could potentially be used in the TYPO3 frontend, no functional exploit has been identified yet.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.