Vulnerability Details : CVE-2010-3663
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend.
Vulnerability category: Execute code
Exploit prediction scoring system (EPSS) score for CVE-2010-3663
Probability of exploitation activity in the next 30 days: 0.77%
Percentile, the proportion of vulnerabilities that are scored at or less: ~79%
CVSS scores for CVE-2010-3663
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P | 8.0 | 6.4 | NIST |
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST |
CWE ids for CVE-2010-3663
- The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-3663
- https://security-tracker.debian.org/tracker/CVE-2010-3663
  CVE-2010-3663 (Third Party Advisory)
- https://typo3.org/security/advisory/typo3-sa-2010-012/#Arbitrary_Code_Execution
  TYPO3-SA-2010-012: Multiple vulnerabilities in TYPO3 Core (Vendor Advisory)
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719
  #590719 - TYPO3 Security Bulletin TYPO3-SA-2010-012: Multiple vulnerabilities in TYPO3 Core - Debian Bug report logs (Mailing List; Third Party Advisory)
Products affected by CVE-2010-3663
- cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*