Typo3 : Security Vulnerabilities, CVEs, Published In May 2014

CVE-2013-4321

The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.4 allows remote authenticated editors to execute arbitrary PHP code via unspecified characters in the file extension when renaming a file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4250.
Max CVSS
6.5
EPSS Score
0.25%
Published
2014-05-20
Updated
2014-05-21

CVE-2013-4320

The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.9 and 6.1.x before 6.1.4 does not properly check permissions, which allows remote authenticated users to create or read arbitrary files via a crafted URL.
Max CVSS
5.5
EPSS Score
0.13%
Published
2014-05-20
Updated
2014-05-21

CVE-2013-4250

The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file extensions, which allow remote authenticated editors to execute arbitrary PHP code by uploading a .php file.
Max CVSS
6.5
EPSS Score
0.17%
Published
2014-05-20
Updated
2014-05-31

CVE-2012-6146

The Backend History Module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 does not properly restrict access, which allows remote authenticated editors to read the history of arbitrary records via a crafted URL.
Max CVSS
4.0
EPSS Score
0.08%
Published
2014-05-20
Updated
2014-05-21
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close