Main Vulnerability Database Vulnerabilities #VU18901

Improper access control in TYPO3 - #VU18901

Published: June 25, 2019

Vulnerability identifier: #VU18901

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: N/A

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: TYPO3

Affected software:
TYPO3

Detailed vulnerability description

The vulnerability allows a remote attacker to gain unauthorized access to sensitive information.

The vulnerability exists due to improper access restrictions when uploading files via the Import/Export module. A remote authenticated user can bypass ACL restrictions and access import functionality.

This vulnerability does not allow uploading of dangerous files, but can be used in conjunction with other issues to elevate privileges within the application using other vulnerabilities.

Remediation

Install updates from vendor's website.

Sources

https://typo3.org/security/advisory/typo3-core-sa-2019-017/

Improper access control in TYPO3 - #VU18901

Detailed vulnerability description

Remediation

Sources

Please verify you're human