typo3/cms-core is vulnerable to Directory Traversal. The vulnerability is due to TSconfig fields in page property backend forms, which allows an attacker to inject malicious sequences into the tsconfig_includes field which results in directory traversal.