The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x prior to 6.0.8 and 6.1.x prior to 6.1.3 do not properly check file extensions, which allow remote authenticated editors to execute arbitrary PHP code by uploading a .php file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
typo3 typo3 6.0.2 |
||
typo3 typo3 6.0.3 |
||
typo3 typo3 6.0.6 |
||
typo3 typo3 6.0.7 |
||
typo3 typo3 6.0 |
||
typo3 typo3 6.0.1 |
||
typo3 typo3 6.0.9 |
||
typo3 typo3 6.0.4 |
||
typo3 typo3 6.0.5 |
||
typo3 typo3 6.1 |
||
typo3 typo3 6.1.1 |
||
typo3 typo3 6.1.2 |