An issue exists in TYPO3 prior to 8.7.30, 9.x prior to 9.5.12, and 10.x prior to 10.2.2. It has been discovered that the extraction of manually uploaded ZIP archives in Extension Manager is vulnerable to directory traversal. Admin privileges are required in order to exploit this vulnerability. (In v9 LTS and later, System Maintainer privileges are also required.)
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
typo3 typo3 |