Description
The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file extensions, which allows remote authenticated editors to execute arbitrary PHP code by uploading a .php file.