Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
TYPO3 fileDenyPattern默认值多个文件上传漏洞
Vulnerability Description
Typo3是开源内容管理系统(CMS)和内容管理框架(CMF)。 TYPO3 4.0.9 之前的 4.0.x, 4.1.7 之前的 4.1.x 以及 4.2.1之前的 4.2.x, 由于TYPO3配置变量fileDenyPattern的默认值不够安全,运行在Apache Web服务器上的TYPO3中存在多个文件上传漏洞。允许访问任意文件加载的已认证后端用户可以利用这个漏洞上传Apache配置文件(.htaccess)。如果Apache Web服务器上启用了mod_mime模块(默认配置)的话,则恶意用户还
CVSS Information
N/A
Vulnerability Type
N/A