Description
The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.9 and 6.1.x before 6.1.4 does not properly check permissions, which allows remote authenticated users to create or read arbitrary files via a crafted URL.
Remediation
References
Related Vulnerabilities
Zikula Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2011-0535)
WordPress Plugin Slideshow Pro Arbitrary File Upload (2.4)
WordPress Plugin Search and Share Cross-Site Scripting (0.9.3)
MySQL CVE-2015-4766 Vulnerability (CVE-2015-4766)
OpenSSL Inefficient Regular Expression Complexity Vulnerability (CVE-2023-3446)