The File Abstraction Layer (FAL) in TYPO3 6.0.x prior to 6.0.8 and 6.1.x prior to 6.1.4 allows remote authenticated editors to execute arbitrary PHP code via unspecified characters in the file extension when renaming a file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4250.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
typo3 typo3 6.1 |
||
typo3 typo3 6.1.1 |
||
typo3 typo3 6.1.2 |
||
typo3 typo3 6.1.3 |
||
typo3 typo3 6.0 |
||
typo3 typo3 6.0.2 |
||
typo3 typo3 6.0.7 |
||
typo3 typo3 6.0.1 |
||
typo3 typo3 6.0.3 |
||
typo3 typo3 6.0.4 |
||
typo3 typo3 6.0.5 |
||
typo3 typo3 6.0.6 |