Main Vulnerability Database Vulnerabilities #VU18901

#VU18901 Improper access control in TYPO3

Published: June 25, 2019

Vulnerability identifier: #VU18901

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: N/A

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
TYPO3

Software vendor:
TYPO3

Description

The vulnerability allows a remote attacker to gain unauthorized access to sensitive information.

The vulnerability exists due to improper access restrictions when uploading files via the Import/Export module. A remote authenticated user can bypass ACL restrictions and access import functionality.

This vulnerability does not allow uploading of dangerous files, but can be used in conjunction with other issues to elevate privileges within the application using other vulnerabilities.

Remediation

Install updates from vendor's website.

External links

https://typo3.org/security/advisory/typo3-core-sa-2019-017/

#VU18901 Improper access control in TYPO3

Description

Remediation

External links

Please verify you're human