Description
The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file extensions, which allows remote authenticated editors to execute arbitrary PHP code by uploading a .php file.
Remediation
References
Related Vulnerabilities
Beego Framework Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2024-40465)
MySQL CVE-2021-2014 Vulnerability (CVE-2021-2014)
WordPress Plugin GA Backend Tracking Cross-Site Scripting (1.2)
MySQL CVE-2012-3160 Vulnerability (CVE-2012-3160)
WordPress Plugin Custom Sidebars-Dynamic Widget Area Manager Multiple Vulnerabilities (3.0.8)