Description

TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend.

Remediation

References

CVE-2010-3663

Related Vulnerabilities

Oracle JRE CVE-2013-2456 Vulnerability (CVE-2013-2456)

WordPress Plugin WP SMS Cross-Site Scripting (5.4.9)

WordPress Plugin Booster for WooCommerce Multiple Cross-Site Request Forgery Vulnerabilities (6.0.0)

MySQL CVE-2021-35631 Vulnerability (CVE-2021-35631)

Joomla CVE-2014-7229 Vulnerability (CVE-2014-7229)

Severity

High

Classification

CVE-2010-3663 CWE-434 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities