Lucene search

K
ubuntucveUbuntu.comUB:CVE-2013-4250
HistoryMay 20, 2014 - 12:00 a.m.

CVE-2013-4250

2014-05-2000:00:00
ubuntu.com
ubuntu.com
7

6.5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

54.5%

The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3
6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file
extensions, which allow remote authenticated editors to execute arbitrary
PHP code by uploading a .php file.

Notes

Author Note
jdstrand per Debian, only 6.0-6.2

6.5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

54.5%

Related for UB:CVE-2013-4250