Description
TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1 use an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or to conduct file upload attacks using multiple extensions.
Related Vulnerabilities
Ruby on Rails Improper Input Validation Vulnerability (CVE-2011-3187)
TYPO3 URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-15241)
Squid Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-5400)
Java Unspecified Vulnerability (CVE-2018-2973)
WordPress Plugin User Activation Email Cross-Site Scripting (1.3.0)