Description

Unspecified vulnerability in the Extension Manager in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allows remote authenticated administrators to read and possibly modify arbitrary files via a crafted parameter, a different vulnerability than CVE-2010-3714.

Remediation

References

CVE-2010-4068

Related Vulnerabilities

WordPress Plugin YOP Poll Multiple Cross-Site Scripting Vulnerabilities (4.9.1)

WordPress Plugin Post PDF Export Local File Inclusion (1.0.1)

ownCloud Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-9041)

IBM WebSEAL Improper Input Validation Vulnerability (CVE-2021-20496)

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-6148)

Severity

Medium

Classification

CVE-2010-4068 CWE-20

Tags

Missing Update Known Vulnerabilities