CVE-2008-2717

TYPO3 Unrestricted File Upload vulnerability in packagist/typo3/cms-core

Identifiers

GHSA-f35p-hcwf-9f9f, CVE-2008-2717

Package Slug

packagist/typo3/cms-core

Vulnerability

TYPO3 Unrestricted File Upload vulnerability

Description

TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1 use an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
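The following added example (not TYPO3 code and not part of the advisory) shows how a deny pattern anchored only on the final extension misses the two cases named above, next to a stricter pattern that catches them. Both patterns, the function name `isUploadAllowed` and the sample file names are constructed for illustration and are not TYPO3's shipped defaults.

```php
<?php
// Added illustration. The patterns below are constructed for this example;
// they are not the fileDenyPattern values shipped by any TYPO3 release.

// Weak: rejects a name only when its *last* extension is a PHP one.
// Says nothing about .htaccess or about names such as "x.php.bak".
const WEAK_DENY = '/\.php[3-6]?$/i';

// Stricter: rejects a script extension anywhere in the extension chain
// (Apache's mod_mime considers every extension of a file name, not just
// the last one) and rejects the per-directory config file by exact name.
const STRICT_DENY = '/\.(php[3-7]?|phpsh|phtml)(\..*)?$|^\.htaccess$/i';

/**
 * Hypothetical helper: returns true when the upload name passes the
 * given deny pattern. Only the final path component is judged.
 */
function isUploadAllowed(string $fileName, string $denyPattern): bool
{
    // Normalise separators, then drop any directory part.
    $base = basename(str_replace('\\', '/', $fileName));

    // Empty names and names with control bytes are never acceptable.
    if ($base === '' || preg_match('/[\x00-\x1f]/', $base)) {
        return false;
    }
    return preg_match($denyPattern, $base) !== 1;
}

// Constructed sample names covering both cases from the description.
$samples = [
    'report.pdf',      // harmless
    'index.php',       // plain script extension
    'notes.php.bak',   // multiple extensions
    'photo.PHP5.jpg',  // multiple extensions, mixed case
    '.htaccess',       // Apache configuration file
];

foreach ($samples as $name) {
    printf(
        "%-16s weak=%-5s strict=%s\n",
        $name,
        isUploadAllowed($name, WEAK_DENY) ? 'allow' : 'deny',
        isUploadAllowed($name, STRICT_DENY) ? 'allow' : 'deny'
    );
}
```

A deny list of this kind remains a second line of defence; an allow list of expected extensions and an upload directory where the web server does not execute scripts or honour `.htaccess` reduce the exposure further.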

Affected Versions

All versions starting from 4.0.0 before 4.0.9, all versions starting from 4.1.0 before 4.1.7, all versions starting from 4.2.0 before 4.2.1

Solution

Upgrade to versions 4.0.9, 4.1.7, 4.2.1 or above.

Last Modified

2024-02-12
