Description

TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend.

Remediation

References

CVE-2010-3663

Related Vulnerabilities

MySQL CVE-2021-2160 Vulnerability (CVE-2021-2160)

WordPress Plugin Yoast SEO Information Disclosure (3.2.4)

Moodle URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-10133)

PrestaShop Incorrect Authorization Vulnerability (CVE-2020-5279)

WordPress Plugin Genesis Columns Advanced Cross-Site Scripting (2.0.3)

Severity

High

Classification

CVE-2010-3663 CWE-434 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities