Summary
This host is installed with TYPO3 and is prone to a file disclosure vulnerability.
Impact
By submitting a malicious web request to this script that contains a relative path to a resource and a null character (%00), it is possible to retrieve arbitrary files that are readable by the web server process.
Solution
Upgrade to TYPO3 version 3.5.0 or later. For updates, refer to http://typo3.org/
Insight
TYPO3 does not sufficiently sanitize potentially malicious data in input submitted via URI parameters. This issue exists in the translations.php script.
Affected
TYPO3 3.5 b5
Detection
Send a crafted HTTP GET request and check whether it returns sensitive information.
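The request pattern described under Impact (a relative path plus a null character in a URI parameter of translations.php) can also be hunted for in web server access logs. The following is an added example, not part of the original advisory or of TYPO3; the log lines, the directory `/cms/` and the parameter name `p` are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, unquote_to_bytes

# Constructed sample access-log lines (Common Log Format); hosts, paths and
# the parameter name "p" are placeholders, not values from the advisory.
SAMPLE_LOG = """\
192.0.2.10 - - [25/Mar/2015:10:00:01 +0000] "GET /cms/translations.php?p=en HTTP/1.0" 200 512
192.0.2.44 - - [25/Mar/2015:10:00:07 +0000] "GET /cms/translations.php?p=../../../../etc/hosts%00 HTTP/1.0" 200 233
192.0.2.44 - - [25/Mar/2015:10:00:09 +0000] "GET /cms/translations.php?p=..%252f..%252fconf%2500 HTTP/1.0" 200 90
192.0.2.77 - - [25/Mar/2015:10:00:12 +0000] "GET /cms/index.php?id=../x%00 HTTP/1.0" 404 0
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
TRAVERSAL_RE = re.compile(rb'(?:^|[=&/\\])\.\.(?:[/\\]|$)')

def decode_fully(raw: str, max_rounds: int = 3) -> bytes:
    """Percent-decode repeatedly so double-encoded input (%2500) is caught."""
    data = raw.encode("latin-1", "replace")
    for _ in range(max_rounds):
        decoded = unquote_to_bytes(data)
        if decoded == data:
            break
        data = decoded
    return data

def suspicious_requests(log_text: str, script: str = "translations.php"):
    """Return (client, status, reasons) for flagged requests to `script`."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        parts = urlsplit(target)
        if parts.path.rsplit("/", 1)[-1].lower() != script:
            continue
        query = decode_fully(parts.query)
        reasons = []
        if b"\x00" in query:
            reasons.append("null-byte")
        if TRAVERSAL_RE.search(query):
            reasons.append("relative-path")
        if reasons:
            hits.append((client, int(status), reasons))
    return hits

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

A flagged request that was answered with status 200 is the one to review first, since the response size in the log can then be compared against the script's normal output.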
References
Updated on 2015-03-25