Description

TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend.

Remediation

References

CVE-2010-3663

Related Vulnerabilities

WordPress Plugin WPBakery Page Builder Clipboard Cross-Site Scripting (4.5.5)

WordPress Plugin Backup and Staging by WP Time Capsule PHP Object Injection (1.21.9)

Jboss EAP Missing Release of Memory after Effective Lifetime Vulnerability (CVE-2022-0853)

WordPress Plugin Smartest Way To Design & Customize WordPress Comments & Comment Form-WP Comment Designer Lite includes Backdoor [Only if downloaded via the vendor website] (2.0.3)

WordPress Plugin Post SMTP-WP SMTP with Email Logs & Mobile App for Failure Alerts-Any SMTP Plus Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES, Postmark Cross-Site Scripting (1.7.2)

Severity

High

Classification

CVE-2010-3663 CWE-434 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities