CVE-2015-4607

2015-06-16T16:59:00
ID CVE-2015-4607
Type cve
Reporter cve@mitre.org
Modified 2016-12-07T18:13:00

Description

Unrestricted file upload vulnerability in the Frontend User Upload (feupload) extension 0.5.0 and earlier for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension using a frontend form, then accessing it via a direct request to the file in the fileadmin folder. <a href="http://cwe.mitre.org/data/definitions/434.html">CWE-434: Unrestricted Upload of File with Dangerous Type</a>