Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2017-14251

Опубликовано: 11 сент. 2017
Источник: nvd
CVSS3: 8.8
CVSS2: 6.5
EPSS Низкий

Описание

Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:typo3:typo3:7.6.0:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:7.6.1:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:7.6.2:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:7.6.3:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:7.6.4:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:7.6.5:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:7.6.6:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:7.6.7:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:7.6.8:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:7.6.9:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:7.6.10:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:7.6.11:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:7.6.12:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:7.6.13:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:7.6.14:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:7.6.15:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:7.6.16:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:7.6.17:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:7.6.18:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:7.6.19:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:7.6.20:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:7.6.21:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:8.0.1:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:8.1.1:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:8.1.2:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:8.2.0:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:8.2.1:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:8.3.0:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:8.3.1:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:8.4.0:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:8.4.1:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:8.5.0:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:8.5.1:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:8.6.0:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:8.6.1:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:8.7.0:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:8.7.1:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:8.7.2:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:8.7.3:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:8.7.4:*:*:*:*:*:*:*

EPSS

Процентиль: 87%
0.03536
Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-434

Связанные уязвимости

ubuntu логотип

CVE-2017-14251

CVSS3: 8.8
ubuntu
больше 8 лет назад

Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code.

debian логотип

CVE-2017-14251

CVSS3: 8.8
debian
больше 8 лет назад

Unrestricted File Upload vulnerability in the fileDenyPattern in sysex ...

github логотип

GHSA-fh4q-hxrw-cjqq

CVSS3: 8.8
github
больше 3 лет назад

TYPO3 Arbitrary Code Execution

EPSS

Процентиль: 87%
0.03536
Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-434