Description

The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file extensions, which allow remote authenticated editors to execute arbitrary PHP code by uploading a .php file.

Remediation

References

CVE-2013-4250

Related Vulnerabilities

osCommerce Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-43710)

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2008-5688)

WordPress Plugin Sell Media Cross-Site Scripting (2.4.1)

PHP Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Vulnerability (CVE-2007-0455)

Oracle JRE CVE-2013-5772 Vulnerability (CVE-2013-5772)

Severity

Medium

Classification

CVE-2013-4250 CWE-20

Tags

Missing Update Known Vulnerabilities