logo

Database

Insecure file upload In typo3/cms-backend

Description

TYPO3 Arbitrary Code Execution vulnerability on the backend TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2010-36632. NVD-2010-36633. OSV-2010-36634. GCVE-2010-36635. SECURITY-TRACKER-CVE-2010-3663

References

1. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=5907192. https://typo3.org/security/advisory/typo3-sa-2010-012/#Arbitrary_Code_Execution

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.