Description
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend.
Remediation
References
Related Vulnerabilities
WordPress Plugin File Manager Pro Arbitrary File Upload (8.3.4)
Ruby on Rails Inefficient Regular Expression Complexity Vulnerability (CVE-2023-22795)
Oracle HTTP Server CVE-2020-2952 Vulnerability (CVE-2020-2952)
WordPress Plugin Smart Forms-when you need more than just a contact form Security Bypass (2.6.70)