Input validation error in TYPO3 - CVE-2013-4250

 


Published: May 20, 2014 / Updated: August 10, 2020


Vulnerability identifier: #VU41654
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2013-4250
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: TYPO3
Affected software:
TYPO3

Detailed vulnerability description

The vulnerability allows a remote authenticated user to read and manipulate data.

The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file extensions, which allows remote authenticated editors to execute arbitrary PHP code by uploading a .php file.


How to mitigate CVE-2013-4250

Install update from vendor's website.
