Lucene search
GitHub Advisory DatabaseGHSA-P9JG-9W87-6RG4HistoryMay 17, 2022 - 4:43 a.m.
TYPO3 Improper Access Management in the File Abstraction Layer
2022-05-1704:43:27
CWE-284
GitHub Advisory Database
github.com
4
5.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N
0.001 Low
EPSS
Percentile
48.7%
The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.9 and 6.1.x before 6.1.4 does not properly check permissions, which allows remote authenticated users to create or read arbitrary files via a crafted URL.
Affected configurations
Node
typo3cms_poll_system_extensionRange<6.1.4
ORtypo3cms_poll_system_extensionRange<6.0.9
| CPE | Name | Operator | Version |
|---|---|---|---|
| typo3/cms-core | lt | 6.1.4 | |
| typo3/cms-core | lt | 6.0.9 |
Related
osv
osv
TYPO3 Improper Access Management in the File Abstraction Layer
2022-05-17 04:43:27
prion
prion
Design/Logic Flaw
2014-05-20 14:55:00
cvelist
cvelist
CVE-2013-4320
2014-05-20 14:00:00
cve
cve
CVE-2013-4320
2014-05-20 14:55:04
nvd
nvd
CVE-2013-4320
2014-05-20 14:55:04
openvas
openvas
TYPO3 File Abstraction Layer Multiple Vulnerabilities
2014-01-06 00:00:00
typo3
typo3
5.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N
0.001 Low
EPSS
Percentile
48.7%
Related for GHSA-P9JG-9W87-6RG4