
exploitDog


GHSA-3gjc-mp82-fj4q

Published: Dec 25, 2023
Source: github
Github: Reviewed
CVSS3: 4.9

Description

Duplicate Advisory: TYPO3 Arbitrary File Read via Directory Traversal

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-w6x2-jg8h-p6mp. This link is maintained to preserve external references.

Original Description

In TYPO3 11.5.24, the filelist component allows attackers (who have access to the administrator panel) to read arbitrary files via directory traversal in the baseuri field, as demonstrated by POST /typo3/record/edit with ../../../ in data[sys_file_storage]*[data][sDEF][lDEF][basePath][vDEF].

Packages

Name: typo3/cms-core (composer)
Affected versions: = 11.5.24
Fixed version: None

4.9 Medium

CVSS3

Weaknesses

CWE-22
