CVE-2023-30451
published 2023-12-25
Priority: P4 · 34 · Severity: medium · CVSS 3.1 base score 4.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 1.16% (63.2nd percentile)
In TYPO3 11.5.24, the filelist component allows attackers (who have access to the administrator panel) to read arbitrary files via directory traversal in the baseuri field, as demonstrated by POST /typo3/record/edit with ../../../ in data[sys_file_storage]*[data][sDEF][lDEF][basePath][vDEF].
Affected (7 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| typo3 | cms-core | >= 10.0.0 < 10.4.43 | 10.4.43 |
| typo3 | cms-core | >= 11.0.0 < 11.5.35 | 11.5.35 |
| typo3 | cms-core | >= 12.0.0 < 12.4.11 | 12.4.11 |
| typo3 | cms-core | >= 13.0.0 < 13.0.1 | 13.0.1 |
| typo3 | cms-core | >= 8.0.0 < 8.7.57 | 8.7.57 |
| typo3 | cms-core | >= 9.0.0 < 9.5.46 | 9.5.46 |
| typo3 | typo3 | — | — |
GHSA
Path Traversal in TYPO3 File Abstraction Layer Storages
ghsa·2024-02-13
CVE-2023-30451 [MEDIUM] CWE-22 Path Traversal in TYPO3 File Abstraction Layer Storages
### Problem
Configurable storages using the local driver of the File Abstraction Layer (FAL) could be configured to access directories outside of the root directory of the corresponding project. The system setting in `BE/lockRootPath` was not evaluated by the file abstraction layer component. An administrator-level backend user account is required to exploit this vulnerability.
### Solution
Update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described.
#### ℹ️ **Strong security defaults - Manual actions required**
_see [Important: #102800 changelog](https://docs.typo3.org/c/typo3/cms-core/main/en-us/Changelog/11.5.x/Important-102800-FileAbstractionLayerEnforcesAbso
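The advisory's "Problem" paragraph says the flaw was a missing check: a storage's configured base path was never tested against the `BE/lockRootPath` restriction, so a base path containing `../` could point outside the project. The following is an added illustration of such a containment check and is not TYPO3's own code; the rule it enforces (a base path must resolve inside either the project root or the configured lock root path) is an assumption made for the example, not a statement of how TYPO3's fix behaves. The configuration dictionaries and paths are constructed sample input.

```python
import posixpath
from typing import Dict, Optional


def is_within_root(candidate: str, root: str) -> bool:
    """Return True when the lexically normalised candidate is root or lies below it.

    A plain prefix test (candidate.startswith(root)) would wrongly accept
    "/srv/project-other" for root "/srv/project"; commonpath avoids that.
    """
    root_norm = posixpath.normpath(root)
    cand_norm = posixpath.normpath(candidate)
    if not (posixpath.isabs(root_norm) and posixpath.isabs(cand_norm)):
        return False
    try:
        return posixpath.commonpath([root_norm, cand_norm]) == root_norm
    except ValueError:  # mixing absolute and relative paths
        return False


def validate_storage_base_path(base_path: str, project_root: str,
                               lock_root_path: Optional[str]) -> str:
    """Resolve a storage base path and enforce containment.

    Relative base paths are taken relative to the project root (assumption for
    this example). The result must lie inside the project root or, when one is
    configured, inside lock_root_path; otherwise ValueError is raised.
    This check is purely lexical: on a live filesystem also resolve symlinks
    with os.path.realpath before testing containment.
    """
    if posixpath.isabs(base_path):
        resolved = posixpath.normpath(base_path)
    else:
        resolved = posixpath.normpath(posixpath.join(project_root, base_path))

    allowed_roots = [project_root]
    if lock_root_path:
        allowed_roots.append(lock_root_path)

    if not any(is_within_root(resolved, root) for root in allowed_roots):
        raise ValueError(
            f"storage base path {base_path!r} resolves to {resolved!r}, "
            f"outside of the allowed roots {allowed_roots!r}")
    return resolved


def audit_storages(storages: Dict[str, str], project_root: str,
                   lock_root_path: Optional[str]) -> Dict[str, str]:
    """Check every configured storage; map its name to 'ok' or a rejection reason."""
    report = {}
    for name, base_path in storages.items():
        try:
            validate_storage_base_path(base_path, project_root, lock_root_path)
            report[name] = "ok"
        except ValueError as exc:
            report[name] = f"rejected: {exc}"
    return report


# Constructed sample configuration (not from any real installation).
PROJECT_ROOT = "/var/www/html/project"
LOCK_ROOT_PATH = "/srv/shared-media"
SAMPLE_STORAGES = {
    "fileadmin": "fileadmin/",                  # normal relative storage
    "shared": "/srv/shared-media/clients/",     # absolute, inside the lock root
    "traversal": "fileadmin/../../../",         # escapes the project root
    "lookalike": "/var/www/html/project-other", # prefix collision, not inside
    "system": "/etc/",                          # absolute path outside all roots
}

if __name__ == "__main__":
    for name, verdict in audit_storages(SAMPLE_STORAGES, PROJECT_ROOT,
                                        LOCK_ROOT_PATH).items():
        print(f"{name:10s} {verdict}")
```

Running the module prints one verdict per storage; only `fileadmin` and `shared` pass. Note that with a lock root configured, the traversing entry still resolves to `/var/www`, which is neither the project root nor the lock root, so it is rejected rather than silently accepted.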
OSV
Path Traversal in TYPO3 File Abstraction Layer Storages
osv·2024-02-13
CVE-2023-30451 [MEDIUM] Path Traversal in TYPO3 File Abstraction Layer Storages
No detection rules found.
No writeups or analysis indexed.
Published: 2023-12-25