Typo3 Arbitrary File Disclosure in Form Component

2024-06-0415:01:36

CWE-200

GitHub Advisory Database

github.com

typo3

arbitrary file disclosure

form component

user input

backend user account

vulnerability

upload fields

7.1 High

AI Score

Confidence

Low

JSON

Failing to properly validate user input, the form component is susceptible to Arbitrary File Disclosure. A valid backend user account is needed to exploit this vulnerability. Only forms are vulnerable, which contain upload fields.

Affected configurations

Vulners

Node

typo3cms_poll_system_extensionRange<6.2.20

CPENameOperatorVersion
typo3/cmslt6.2.20

CPE	Name	Operator	Version
	typo3/cms	lt	6.2.20

References

github.com/advisories/GHSA-wrpf-2x8h-82gr

github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2016-04-12-2.yaml

typo3.org/security/advisory/typo3-core-sa-2016-010

7.1 High

AI Score

Confidence

Low

JSON