Description
Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code.
Remediation
References
Related Vulnerabilities
WordPress Plugin Testimonial Cross-Site Scripting (1.5.9)
Jenkins Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-0788)
Liferay DXP Cleartext Storage of Sensitive Information Vulnerability (CVE-2021-33325)
WordPress Plugin WP Visitor Statistics (Real Time Traffic) Security Bypass (5.4)