GHSA-wjpc-gjf7-9938, CVE-2010-3663
packagist/typo3/cms-backend
Unrestricted Upload of File with Dangerous Type
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend.
All versions before 4.1.14, all versions starting from 4.2 before 4.2.13, all versions starting from 4.3 before 4.3.4, all versions starting from 4.4 before 4.4.1
Upgrade to versions 4.1.14, 4.2.13, 4.3.4, 4.4.1 or above.
2024-02-07
source |