CVE-2008-2717Unrestricted File Upload in Cms-core

CWE-264CWE-434Unrestricted File Upload4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 56.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Typo3 Cms-coreTypo3
Timeline
PublishedJun 16
Latest updateMay 1

Description

TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages2 packages

Packagisttypo3/cms-core4.0.04.0.9+2
NVDtypo3/typo317 versions+16

🔴Vulnerability Details

3
OSV
TYPO3 Unrestricted File Upload vulnerability2022-05-01
GHSA
TYPO3 Unrestricted File Upload vulnerability2022-05-01
CVEList
CVE-2008-2717: TYPO3 42008-06-16
CVE-2008-2717 — Unrestricted File Upload in Cms-core | cvebase