9 High
AI Score
Confidence
High
0.008 Low
EPSS
Percentile
81.4%
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend.
bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719
security-tracker.debian.org/tracker/CVE-2010-3663
typo3.org/security/advisory/typo3-sa-2010-012/#Arbitrary_Code_Execution