Description
The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.9 and 6.1.x before 6.1.4 does not properly check permissions, which allows remote authenticated users to create or read arbitrary files via a crafted URL.
Remediation
References
Related Vulnerabilities
Perl Improper Certificate Validation Vulnerability (CVE-2023-31484)
Squid Exposure of Resource to Wrong Sphere Vulnerability (CVE-2022-41317)
Telerik Web UI Deserialization of Untrusted Data Vulnerability (CVE-2019-18935)
WordPress Plugin WP-Members Membership Cross-Site Scripting (3.1.7)
phpBB Server-Side Request Forgery (SSRF) Vulnerability (CVE-2017-1000419)