N/A

An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the extraction of manually uploaded ZIP archives in Extension Manager is vulnerable to directory traversal. Admin privileges are required in order to exploit this vulnerability. (In v9 LTS and later, System Maintainer privileges are also required.)

N/A

N/A

TYPO3 Extension Manager 路径遍历漏洞

TYPO3 8.7.30之前版本、9.5.12之前的9.x版本和10.2.2之前的10.x版本的Extension Manager中对手动上传的ZIP归档文件的提取存在路径遍历漏洞。攻击者可利用该漏洞在系统上执行任意代码。

N/A

N/A