CVE-2010-3663

Unrestricted Upload of File with Dangerous Type in packagist/typo3/cms-backend

Identifiers

GHSA-wjpc-gjf7-9938, CVE-2010-3663

Package Slug

packagist/typo3/cms-backend

Vulnerability

Unrestricted Upload of File with Dangerous Type

Description

TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 ships with an insecure default value for the fileDenyPattern variable, which could allow remote attackers to execute arbitrary code on the backend.

Affected Versions

All versions before 4.1.14, all versions starting from 4.2 before 4.2.13, all versions starting from 4.3 before 4.3.4, all versions starting from 4.4 before 4.4.1

Solution

Upgrade to versions 4.1.14, 4.2.13, 4.3.4, 4.4.1 or above.

Last Modified

2024-02-07
