Описание
The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file extensions, which allow remote authenticated editors to execute arbitrary PHP code by uploading a .php file.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| lucid | DNE | |
| precise | DNE | |
| quantal | DNE | |
| raring | DNE | |
| upstream | needs-triage |
Показывать по
10
Ссылки на источники
EPSS
Процентиль: 60%
0.00391
Низкий
6.5 Medium
CVSS2
Связанные уязвимости
nvd
больше 11 лет назад
The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file extensions, which allow remote authenticated editors to execute arbitrary PHP code by uploading a .php file.
debian
больше 11 лет назад
The (1) file upload component and (2) File Abstraction Layer (FAL) in ...
EPSS
Процентиль: 60%
0.00391
Низкий
6.5 Medium
CVSS2