Typo3 Arbitrary File Disclosure in Form Component

2024-06-0415:01:36

Google

osv.dev

typo3

arbitrary file disclosure

form component

user input

backend user account

vulnerability

upload fields

7.1 High

AI Score

Confidence

Low

JSON

Failing to properly validate user input, the form component is susceptible to Arbitrary File Disclosure. A valid backend user account is needed to exploit this vulnerability. Only forms are vulnerable, which contain upload fields.

CPENameOperatorVersion
typo3/cmseq6.2.10-rc1
typo3/cmseq6.2.6
typo3/cmseq6.2.17
typo3/cmseq6.2.13
typo3/cmseq6.2.15
typo3/cmseq6.2.1
typo3/cmseq6.2.7
typo3/cmseq6.2.0
typo3/cmseq6.2.9
typo3/cmseq6.2.11

Name	Operator	Version
typo3/cms	eq	6.2.10-rc1
typo3/cms	eq	6.2.6
typo3/cms	eq	6.2.17
typo3/cms	eq	6.2.13
typo3/cms	eq	6.2.15
typo3/cms	eq	6.2.1
typo3/cms	eq	6.2.7
typo3/cms	eq	6.2.0
typo3/cms	eq	6.2.9
typo3/cms	eq	6.2.11

Rows per page:

1-10 of 211

References

github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2016-04-12-2.yaml

typo3.org/security/advisory/typo3-core-sa-2016-010

7.1 High

AI Score

Confidence

Low

JSON