CVSS2: 6.5 Medium (AV:N/AC:L/Au:S/C:P/I:P/A:P)

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | SINGLE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

EPSS: 0.002 Low (percentile 54.5%)

The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3
6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file
extensions, which allows remote authenticated editors to execute arbitrary
PHP code by uploading a .php file.

Author | Note |
---|---|
jdstrand | per Debian, only 6.0-6.2 |