The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file extensions, which allow remote authenticated editors to execute arbitrary PHP code by uploading a .php file.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2014-05-20T14:00:00
Updated: 2024-08-06T16:38:01.887Z
Reserved: 2013-06-12T00:00:00
Link: CVE-2013-4250
Vulnrichment
No data.
NVD
Status : Modified
Published: 2014-05-20T14:55:04.147
Modified: 2014-05-31T04:25:30.817
Link: CVE-2013-4250
Redhat
No data.