Description

TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend.

Remediation

References

CVE-2010-3663

Related Vulnerabilities

WordPress Plugin File Manager Pro Arbitrary File Upload (8.3.4)

Ruby on Rails Inefficient Regular Expression Complexity Vulnerability (CVE-2023-22795)

Oracle HTTP Server CVE-2020-2952 Vulnerability (CVE-2020-2952)

phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-1878)

WordPress Plugin Smart Forms-when you need more than just a contact form Security Bypass (2.6.70)

Severity

High

Classification

CVE-2010-3663 CWE-434 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities