Description
The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2, when the DAM extension or ftp upload is enabled, allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename.
Remediation
References
Related Vulnerabilities
Apache HTTP Server CVE-2003-0789 Vulnerability (CVE-2003-0789)
WebLogic CVE-2020-14644 Vulnerability (CVE-2020-14644)
WordPress Plugin WP Symposium Pro Social Network Multiple Vulnerabilities (15.12)
XOOPS Permissions, Privileges, and Access Controls Vulnerability (CVE-2009-4851)
MySQL Deserialization of Untrusted Data Vulnerability (CVE-2019-14540)