Количество 2
Количество 2
CVE-2023-30451
In TYPO3 11.5.24, the filelist component allows attackers (who have access to the administrator panel) to read arbitrary files via directory traversal in the baseuri field, as demonstrated by POST /typo3/record/edit with ../../../ in data[sys_file_storage]*[data][sDEF][lDEF][basePath][vDEF].
GHSA-w6x2-jg8h-p6mp
Path Traversal in TYPO3 File Abstraction Layer Storages
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-30451 In TYPO3 11.5.24, the filelist component allows attackers (who have access to the administrator panel) to read arbitrary files via directory traversal in the baseuri field, as demonstrated by POST /typo3/record/edit with ../../../ in data[sys_file_storage]*[data][sDEF][lDEF][basePath][vDEF]. | CVSS3: 4.9 | 0% Низкий | около 2 лет назад |
| GHSA-w6x2-jg8h-p6mp Path Traversal in TYPO3 File Abstraction Layer Storages | CVSS3: 5.5 | 0% Низкий | почти 2 года назад |
Уязвимостей на страницу