Lucene search

[email protected]NVD:CVE-2009-3631

HistoryNov 02, 2009 - 3:30 p.m.

CVE-2009-3631

2009-11-0215:30:00

CWE-94

[email protected]

web.nvd.nist.gov

8.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

7.1 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.3%

JSON

The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2, when the DAM extension or ftp upload is enabled, allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename.

Affected configurations

NVD

Node

typo3typo3Range≤4.0.12

typo3typo3Match0.1.2

typo3typo3Match1.0.14

typo3typo3Match1.1

typo3typo3Match1.1.1

typo3typo3Match1.1.09

typo3typo3Match1.1.10

typo3typo3Match1.2.0

typo3typo3Match1.3.0

typo3typo3Match1.3.2

typo3typo3Match3.0

typo3typo3Match3.3.x

typo3typo3Match3.5

typo3typo3Match3.5.x

typo3typo3Match3.6.x

typo3typo3Match3.7.0

typo3typo3Match3.7.1

typo3typo3Match3.7.x

typo3typo3Match3.8

typo3typo3Match3.8.x

typo3typo3Match4.0

typo3typo3Match4.0.1

typo3typo3Match4.0.2

typo3typo3Match4.0.3

typo3typo3Match4.0.4

typo3typo3Match4.0.5

typo3typo3Match4.0.6

typo3typo3Match4.0.7

typo3typo3Match4.0.8

typo3typo3Match4.0.9

typo3typo3Match4.0.10

typo3typo3Match4.0.11

typo3typo3Match4.1.0

typo3typo3Match4.1.0beta1

typo3typo3Match4.1.0rc1

typo3typo3Match4.1.1

typo3typo3Match4.1.2

typo3typo3Match4.1.3

typo3typo3Match4.1.4

typo3typo3Match4.1.5

typo3typo3Match4.1.6

typo3typo3Match4.1.7

typo3typo3Match4.1.8

typo3typo3Match4.1.9

typo3typo3Match4.1.10

typo3typo3Match4.1.11

typo3typo3Match4.1.12

typo3typo3Match4.2.0

typo3typo3Match4.2.1

typo3typo3Match4.2.2

typo3typo3Match4.2.3

typo3typo3Match4.2.4

typo3typo3Match4.2.5

typo3typo3Match4.2.6

typo3typo3Match4.2.7

typo3typo3Match4.2.8

typo3typo3Match4.2.9

typo3typo3Match4.3

typo3typo3Match4.3alpha1

References

marc.info/?l=oss-security&m=125632856206736&w=2

secunia.com/advisories/37122

typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/

www.securityfocus.com/bid/36801

www.vupen.com/english/advisories/2009/3009

exchange.xforce.ibmcloud.com/vulnerabilities/53923

8.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

7.1 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.3%

JSON

Related for NVD:CVE-2009-3631

ubuntucve1 cvelist1 github1 cve1 prion1 osv2 openvas5 nessus2 freebsd1 debian1 securityvulns2