The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file extensions, which allow remote authenticated editors to execute arbitrary PHP code by uploading a .php file.
References
Link | Resource |
---|---|
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-002/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2014-05-20T14:00:00
Updated: 2014-05-23T13:57:00
Reserved: 2013-06-12T00:00:00
Link: CVE-2013-4250
JSON object: View
NVD Information
Status : Modified
Published: 2014-05-20T14:55:04.147
Modified: 2014-05-31T04:25:30.817
Link: CVE-2013-4250
JSON object: View
Redhat Information
No data.
CWE