The Indexed Search Engine (indexed_search) system extension in TYPO3 4.0.0 up to and including 4.0.9, 4.1.0 up to and including 4.1.7, and 4.2.0 up to and including 4.2.3 allows remote malicious users to execute arbitrary commands via a crafted filename containing shell metacharacters, which is not properly handled by the command-line indexer.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
typo3 typo3 4.0.4 |
||
typo3 typo3 4.0.5 |
||
typo3 typo3 4.1.0 |
||
typo3 typo3 4.1.1 |
||
typo3 typo3 4.2.0 |
||
typo3 typo3 4.2.1 |
||
typo3 typo3 4.2.2 |
||
typo3 typo3 4.0.2 |
||
typo3 typo3 4.0.3 |
||
typo3 typo3 4.1.6 |
||
typo3 typo3 4.1.7 |
||
typo3 typo3 4.0 |
||
typo3 typo3 4.0.1 |
||
typo3 typo3 4.0.8 |
||
typo3 typo3 4.0.9 |
||
typo3 typo3 4.1.4 |
||
typo3 typo3 4.1.5 |
||
typo3 typo3 4.0.6 |
||
typo3 typo3 4.0.7 |
||
typo3 typo3 4.1.2 |
||
typo3 typo3 4.1.3 |
||
typo3 typo3 4.2.3 |
Vulmon