Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-5099 — Improper Input Validation in CMS

CWE-20 — Improper Input Validation CWE-22 — Path Traversal5 documents5 sources

Severity

6.8MEDIUMNVD

CNA7.1GHSA7.1OSV7.1

EPSS

6.0%

top 9.33%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Typo3 CMS Typo3

Timeline

PublishedMay 30

Latest updateMay 17

Description

The fileDenyPattern functionality in the PHP file inclusion protection API in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly filter file types, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files, as demonstrated using path traversal sequences with %00 null bytes and CVE-2010-3714 to read the TYPO3 encryption key from localconf.php.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶Packagisttypo3/cms4.2.0 — 4.2.16+2

▶NVDtypo3/typo330 versions+29

🔴Vulnerability Details

GHSA

TYPO3 Path Traversal vulnerability↗2022-05-17

▶

OSV

TYPO3 Path Traversal vulnerability↗2022-05-17

▶

CVEList

CVE-2010-5099: The fileDenyPattern functionality in the PHP file inclusion protection API in TYPO3 4↗2012-05-30

▶

💥Exploits & PoCs

Exploit-DB

TYPO3 - Arbitrary File Retrieval↗2010-12-29

▶