Lucene search
HistoryMay 20, 2014 - 2:55 p.m.
CVE-2013-4320
typo3
file abstraction layer
fal
cve-2013-4320
remote code execution
security vulnerability
5.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N
6.3 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
48.6%
The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.9 and 6.1.x before 6.1.4 does not properly check permissions, which allows remote authenticated users to create or read arbitrary files via a crafted URL.
Affected configurations
Node
typo3typo3Match6.1
ORtypo3typo3Match6.1.1
ORtypo3typo3Match6.1.2
ORtypo3typo3Match6.1.3
Node
typo3typo3Match6.0
ORtypo3typo3Match6.0.1
ORtypo3typo3Match6.0.2
ORtypo3typo3Match6.0.3
ORtypo3typo3Match6.0.4
ORtypo3typo3Match6.0.5
ORtypo3typo3Match6.0.6
ORtypo3typo3Match6.0.7
ORtypo3typo3Match6.0.8
| CPE | Name | Operator | Version |
|---|---|---|---|
| typo3:typo3 | typo3 | eq | 6.1 |
| typo3:typo3 | typo3 | eq | 6.1.1 |
| typo3:typo3 | typo3 | eq | 6.1.2 |
| typo3:typo3 | typo3 | eq | 6.1.3 |
Related
osv
osv
TYPO3 Improper Access Management in the File Abstraction Layer
2022-05-17 04:43:27
prion
prion
Design/Logic Flaw
2014-05-20 14:55:00
cvelist
cvelist
CVE-2013-4320
2014-05-20 14:00:00
nvd
nvd
CVE-2013-4320
2014-05-20 14:55:04
github
github
TYPO3 Improper Access Management in the File Abstraction Layer
2022-05-17 04:43:27
openvas
openvas
TYPO3 File Abstraction Layer Multiple Vulnerabilities
2014-01-06 00:00:00
typo3
typo3
5.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N
6.3 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
48.6%
Related for CVE-2013-4320