Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file extensions, which allow remote authenticated editors to execute arbitrary PHP code by uploading a .php file.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
TYPO3 Backend File Upload/FAL扩展任意文件上传漏洞
Vulnerability Description
TYPO3是瑞士TYPO3协会维护的一套免费开源的内容管理系统(框架)(CMS/CMF)。 TYPO3 6.0.8之前的6.0.x版本和6.1.3之前的6.1.x版本中的文件上传组件和File Abstraction Layer (FAL)中存在安全漏洞,该漏洞源于程序没有正确检查文件扩展名。远程攻击者可通过上传PHP文件利用该漏洞执行任意PHP代码。
CVSS Information
N/A
Vulnerability Type
N/A