3 matches found
CVE-2021-21355
creationtimestamp| type| source ---|---|--- 2021-03-23 06:37:59+00:00| seen| https://t.me/cibsecurity/25272...
CVE-2021-21355
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1, due to the lack of ensuring file extensions belong to configured allowed mime-types, attackers can upload arbitrary data with arbitrary file extensions - however, default...
CVE-2021-21355
TYPO3 8.7.40, 9.5.25, 10.4.14, 11.1.1 fix a file-upload vulnerability where UploadedFileReferenceConverter can accept any mime-type for certain Extbase-based uploads, allowing attackers to place arbitrary files under /fileadmin/user_upload/ (and potentially reference/guess filenames). Impact stat...