EPSS
Percentile
81.5%
typo3/cms is vulnerable to unauthorized file upload. The library does not restrict files with the pht extension, allowing a malicious user to upload a .pht file to the application and execute arbitrary PHP script.
.pht
www.securitytracker.com/id/1039295
typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-007/