Description

The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file extensions, which allow remote authenticated editors to execute arbitrary PHP code by uploading a .php file.

Remediation

References

CVE-2013-4250

Related Vulnerabilities

WordPress Plugin Import Export WordPress Users CSV Injection (1.3.1)

WordPress Plugin Advanced Post Type Ratings Cross-Site Scripting (1.01)

Joomla Improper Input Validation Vulnerability (CVE-2018-11321)

Oracle JRE CVE-2017-10293 Vulnerability (CVE-2017-10293)

WordPress Plugin WordPress Popups for Marketing and Email Newsletters, Lead Generation and Conversions by OptinMonster Security Bypass (1.1.4.5)

Severity

Medium

Classification

CVE-2013-4250 CWE-20

Tags

Missing Update Known Vulnerabilities