Description
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2022-1857 | TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend. |
Github GHSA |
GHSA-wjpc-gjf7-9938 | TYPO3 Arbitrary Code Execution vulnerability on the backend |
References
History
No history.
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-07T03:18:52.962Z
Reserved: 2010-09-28T00:00:00.000Z
Link: CVE-2010-3663
No data.
Status : Modified
Published: 2019-11-04T22:15:10.530
Modified: 2026-06-16T23:23:17.010
Link: CVE-2010-3663
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-434
Unrestricted Upload of File with Dangerous Type
EUVD
Github GHSA