Lucene search

[email protected]CVE-2015-4607

HistoryJun 16, 2015 - 4:59 p.m.

CVE-2015-4607

2015-06-1616:59:06

[email protected]

web.nvd.nist.gov

cve-2015-4607

file upload

vulnerability

typo3

execute arbitrary code

remote attackers

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8 High

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

82.4%

JSON

Unrestricted file upload vulnerability in the Frontend User Upload (feupload) extension 0.5.0 and earlier for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension using a frontend form, then accessing it via a direct request to the file in the fileadmin folder.

Affected configurations

NVD

Node

frontend_user_upload_projectfrontend_user_uploadRange≤0.5.0typo3

CPENameOperatorVersion
frontend_user_upload_project:frontend_user_uploadfrontend user upload project frontend user uploadle0.5.0

CPE	Name	Operator	Version
frontend_user_upload_project:frontend_user_upload	frontend user upload project frontend user upload	le	0.5.0

References

typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2015-006/

www.securityfocus.com/bid/75248

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8 High

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

82.4%

JSON

Related for CVE-2015-4607

prion1 nvd1 cvelist1