Description

Restler is a simple and effective multi-format Web API Server to host your PHP API as Pragmatic REST and / or RESTful API.

The Typo3 Restler extension version 1.7.0 (and earlier versions) suffers from a local file disclosure vulnerability that allows an attacker to read arbitrary system files.

Remediation

Upgrade to the latest version of Typo3 Restler extension.

References

Typo3 Restler 1.7.0 Local File Disclosure

Restler

Related Vulnerabilities

WordPress Plugin WordPress Infinite Scroll-Ajax Load More Multiple Vulnerabilities (5.5.3)

phpMyAdmin Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2014-8959)

WordPress Plugin BookX Local File Inclusion (1.7)

WordPress Plugin Page Flip Image Gallery 'book_id' Parameter Remote File Disclosure (0.2.2)

WordPress Plugin Database Backup for WordPress 'edit.php' Directory Traversal (1.7)

Severity

High

Classification

CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Directory Traversal File Inclusion