Описание
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| typo3-src | fixed | 4.3.5-1 | package |
EPSS
Процентиль: 86%
0.03147
Низкий
Связанные уязвимости
CVSS3: 8.8
ubuntu
больше 6 лет назад
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend.
CVSS3: 8.8
nvd
больше 6 лет назад
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend.
CVSS3: 8.8
github
почти 4 года назад
TYPO3 Arbitrary Code Execution vulnerability on the backend
EPSS
Процентиль: 86%
0.03147
Низкий