Lucene search
Ubuntu.comUB:CVE-2013-4250HistoryMay 20, 2014 - 12:00 a.m.
CVE-2013-4250
2014-05-2000:00:00
ubuntu.com
ubuntu.com
7
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
54.7%
The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3
6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file
extensions, which allow remote authenticated editors to execute arbitrary
PHP code by uploading a .php file.
Notes
| Author | Note |
|---|---|
| jdstrand | per Debian, only 6.0-6.2 |
Related
cvelist
cvelist
CVE-2013-4250
2014-05-20 14:00:00
CVE-2013-4321
2014-05-20 14:00:00
nvd
nvd
CVE-2013-4250
2014-05-20 14:55:04
CVE-2013-4321
2014-05-20 14:55:04
prion
prion
Design/Logic Flaw
2014-05-20 14:55:00
Design/Logic Flaw
2014-05-20 14:55:00
openvas
openvas
TYPO3 File Abstraction Code Execution Vulnerability
2014-01-06 00:00:00
cve
cve
CVE-2013-4250
2014-05-20 14:55:04
CVE-2013-4321
2014-05-20 14:55:04
typo3
typo3
Cross-Site Scripting and Remote Code Execution Vulnerability in TYPO3 Core
2013-07-30 00:00:00
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
54.7%
Related for UB:CVE-2013-4250