Description

The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.4 allows remote authenticated editors to execute arbitrary PHP code via unspecified characters in the file extension when renaming a file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4250.

Remediation

References

CVE-2013-4321

Related Vulnerabilities

Ruby on Rails Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2021-22885)

Serendipity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-10737)

Apache HTTP Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2007-6203)

SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-0830)

MySQL CVE-2020-14838 Vulnerability (CVE-2020-14838)

Severity

Medium

Classification

CVE-2013-4321 CWE-94

Tags

Missing Update Known Vulnerabilities