TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1 due to improper input validation, attackers can by-pass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form Framework. In the default configuration of the Form Framework this allows attackers to explicitly allow arbitrary mime-types for file uploads - however, default _fileDenyPattern_ successfully blocked files like _.htaccess_ or _malicious.php_. Besides that, attackers can persist those files in any writable directory of the corresponding TYPO3 installation. A valid backend user account with access to the form module is needed to exploit this vulnerability. This is fixed in versions 8.7.40, 9.5.25, 10.4.14, 11.1.1.
Published 2021-03-23 02:15:13
Updated 2021-03-26 18:55:38
Source GitHub, Inc.
View at NVD,   CVE.org
Vulnerability category: Directory traversalInput validation

Exploit prediction scoring system (EPSS) score for CVE-2021-21357

0.11%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 42 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-21357

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
6.5
MEDIUM AV:N/AC:L/Au:S/C:P/I:P/A:P
8.0
6.4
NIST
8.3
HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
2.8
5.5
NIST
8.3
HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
2.8
5.5
GitHub, Inc.

CWE ids for CVE-2021-21357

  • The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
    Assigned by: security-advisories@github.com (Primary)
  • The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
    Assigned by: security-advisories@github.com (Primary)
  • The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.
    Assigned by: security-advisories@github.com (Primary)

References for CVE-2021-21357

Products affected by CVE-2021-21357

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!