CVE-2008-2717 – typo3/cms-core
Package
Manager: composer
Name: typo3/cms-core
Vulnerable Version: >=4.0.0 <4.0.9 || >=4.1.0 <4.1.7 || >=4.2.0 <4.2.1
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:U/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00433 (percentile 0.61841)
Details
TYPO3 Unrestricted File Upload vulnerability
TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1 use an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
Metadata
Created: 2022-05-01T23:52:38Z
Modified: 2024-02-09T16:34:40Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-f35p-hcwf-9f9f/GHSA-f35p-hcwf-9f9f.json
CWE IDs: ["CWE-434"]
Alternative ID: GHSA-f35p-hcwf-9f9f
Finding: F027
Auto approve: 1