SB2014052004 - Input validation error in TYPO3




Published: May 20, 2014 Updated: August 10, 2020

Security Bulletin ID: SB2014052004
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Input validation error (CVE-ID: CVE-2013-4250)

The vulnerability allows a remote authenticated user to read and manipulate data.

The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file extensions, which allows remote authenticated editors to execute arbitrary PHP code by uploading a .php file.
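
The following PHP example is added here and is not TYPO3's code or the vendor's patch. It shows an upload-name check that covers the cases a last-extension comparison misses (letter case, double extensions, trailing dots, dot-files). The function name `rejectUploadName` and both extension lists are assumptions.

```php
<?php
declare(strict_types=1);

// Assumption: extensions a PHP-enabled web server may hand to the interpreter.
const EXECUTABLE_EXTENSIONS = ['php', 'php3', 'php4', 'php5', 'php7', 'phps', 'phtml', 'pht', 'phar'];
// Assumption: the only upload types this site needs (allow-list).
const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'txt'];

/**
 * Returns null when the client-supplied upload name is acceptable,
 * otherwise a short reason for rejecting it.
 */
function rejectUploadName(string $name): ?string
{
    if (strpos($name, "\0") !== false) {
        return 'null byte in name';
    }
    // Drop any client-supplied directory part, then trailing dots/spaces
    // that some filesystems silently strip ("shell.php." -> "shell.php").
    $base = rtrim(basename(str_replace('\\', '/', $name)), '. ');
    if ($base === '' || $base[0] === '.') {
        return 'empty or dot-file name (e.g. .htaccess)';
    }
    $parts = explode('.', strtolower($base));
    array_shift($parts); // what remains are the dot-separated extensions
    if ($parts === []) {
        return 'no extension';
    }
    // Check every segment, not just the last: "x.php.jpg" can still be
    // executed where the server maps handlers by any extension.
    foreach ($parts as $ext) {
        if (in_array($ext, EXECUTABLE_EXTENSIONS, true)) {
            return "executable extension .$ext";
        }
    }
    if (!in_array(end($parts), ALLOWED_EXTENSIONS, true)) {
        return 'extension not on allow-list';
    }
    return null;
}

// Constructed sample names, not taken from the bulletin.
foreach (['report.pdf', 'shell.php', 'SHELL.PhP', 'x.php.jpg', 'shell.php.', '.htaccess', 'notes'] as $n) {
    printf("%-12s %s\n", $n, rejectUploadName($n) ?? 'accepted');
}
```

A name check of this kind complements, and does not replace, storing uploads where the web server will not execute them.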


Remediation

Install the update from the vendor's website.