Description
The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file extensions, which allows remote authenticated editors to execute arbitrary PHP code by uploading a .php file.
Remediation
References