Lucene search
HistoryMay 20, 2014 - 2:55 p.m.
CVE-2013-4250
typo3
file upload
remote code execution
cve-2013-4250
security vulnerability
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
7.3 High
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
54.6%
The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file extensions, which allow remote authenticated editors to execute arbitrary PHP code by uploading a .php file.
Affected configurations
Node
typo3typo3Match6.0
ORtypo3typo3Match6.0.1
ORtypo3typo3Match6.0.2
ORtypo3typo3Match6.0.3
ORtypo3typo3Match6.0.4
ORtypo3typo3Match6.0.5
ORtypo3typo3Match6.0.6
ORtypo3typo3Match6.0.7
ORtypo3typo3Match6.0.9
Node
typo3typo3Match6.1
ORtypo3typo3Match6.1.1
ORtypo3typo3Match6.1.2
Related
cvelist
cvelist
CVE-2013-4250
2014-05-20 14:00:00
CVE-2013-4321
2014-05-20 14:00:00
nvd
nvd
CVE-2013-4250
2014-05-20 14:55:04
CVE-2013-4321
2014-05-20 14:55:04
openvas
openvas
TYPO3 File Abstraction Code Execution Vulnerability
2014-01-06 00:00:00
ubuntucve
ubuntucve
CVE-2013-4250
2014-05-20 00:00:00
prion
prion
Design/Logic Flaw
2014-05-20 14:55:00
Design/Logic Flaw
2014-05-20 14:55:00
cve
cve
CVE-2013-4321
2014-05-20 14:55:04
typo3
typo3
Cross-Site Scripting and Remote Code Execution Vulnerability in TYPO3 Core
2013-07-30 00:00:00
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
7.3 High
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
54.6%
Related for CVE-2013-4250