CVE-2013-4250

Опубликовано: 20 мая 2014

Источник: nvd

CVSS2: 6.5

EPSS Низкий

Описание

The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file extensions, which allow remote authenticated editors to execute arbitrary PHP code by uploading a .php file.

Ссылки

https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-002/
Vendor Advisory
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-002/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:typo3:typo3:6.0:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:6.0.1:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:6.0.2:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:6.0.3:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:6.0.4:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:6.0.5:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:6.0.6:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:6.0.7:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:6.0.9:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:typo3:typo3:6.1:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:6.1.1:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:6.1.2:*:*:*:*:*:*:*

EPSS

Процентиль: 60%

0.00391

Низкий

6.5 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

CVE-2013-4250

ubuntu

больше 11 лет назад

CVE-2013-4250

debian

больше 11 лет назад

The (1) file upload component and (2) File Abstraction Layer (FAL) in ...

GHSA-54jj-pxx2-pv8h

github

больше 3 лет назад

TYPO3 doesn't properly check file extensions

EPSS

Процентиль: 60%

0.00391

Низкий

6.5 Medium

CVSS2

Дефекты

CWE-20