Описание
slub_events for Typo3 Arbitrary File Upload
The slub_events (aka SLUB: Event Registration) extension through 3.0.2 for TYPO3 allows uploading of arbitrary files to the webserver. For versions 1.2.2 and below, this results in Remote Code Execution. In versions later than 1.2.2, this can result in Denial of Service, since the web space can be filled up with arbitrary files.
Пакеты
Наименование
slub/slub-events
composer
Затронутые версииВерсия исправления
< 3.0.3
3.0.3
Связанные уязвимости
CVSS3: 9.8
nvd
больше 6 лет назад
The slub_events (aka SLUB: Event Registration) extension through 3.0.2 for TYPO3 allows uploading of arbitrary files to the webserver. For versions 1.2.2 and below, this results in Remote Code Execution. In versions later than 1.2.2, this can result in Denial of Service, since the web space can be filled up with arbitrary files.