Fluid Attacks Database

Description

Typo3 Arbitrary File Disclosure in Form Component Failing to properly validate user input, the form component is susceptible to Arbitrary File Disclosure. A valid backend user account is needed to exploit this vulnerability. Only forms are vulnerable, which contain upload fields.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
packagist	typo3/cms	>=6.2.0 <6.2.20	6.2.20

Aliases

1. GCVE-GHSA-wrpf-2x8h-82gr

References

1. https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2016-04-12-2.yaml2. https://typo3.org/security/advisory/typo3-core-sa-2016-010

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.