| |
Podatność CVE-2023-30451
Publikacja: 2023-12-25
| Opis: |
In TYPO3 11.5.24, the filelist component allows attackers (who have access to the administrator panel) to read arbitrary files via directory traversal in the baseuri field, as demonstrated by POST /typo3/record/edit with ../../../ in data[sys_file_storage]*[data][sDEF][lDEF][basePath][vDEF]. |
W naszej bazie, znaleźliśmy następujące noty dla tego CVE: | Tytuł | Autor | Data |
Med. |
| Saeed reza Zaman... | 20.12.2023 |
Med. |
| Saeed reza Zaman... | 20.03.2024 |
Typ:
CWE-22 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))
Referencje: |
http://packetstormsecurity.com/files/176274/TYPO3-11.5.24-Path-Traversal.html
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
Polish
English