Vulnerability CVE-2017-14251


Published: 2017-09-11

Description:
Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code.

Type:

CWE-434

(Unrestricted Upload of File with Dangerous Type)

Vendor: Typo3
Product: Typo3 
Version:
8.7.4
8.7.3
8.7.2
8.7.1
8.7.0
8.6.1
8.6.0
8.5.1
8.5.0
8.4.1
8.4.0
8.3.1
8.3.0
8.2.1
8.2.0
8.1.2
8.1.1
8.1.0
8.0.1
8.0.0
7.6.9
7.6.8
7.6.7
7.6.6
7.6.5
7.6.4
7.6.3
7.6.21
7.6.20
7.6.2
7.6.19
7.6.18
7.6.17
7.6.16
7.6.15
7.6.14
7.6.13
7.6.12
7.6.11
7.6.10
7.6.1
7.6.0
Vendor: IBM
Product: Business process manager 
Version: 8.5.7.0; 8.0.1.1;

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.5/10
6.4/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://blog.emaze.net/2017/12/typo3-unrestricted-file-upload-remote.html
http://www.securityfocus.com/bid/100620
http://www.securitytracker.com/id/1039295
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-007/

Related CVE
CVE-2017-1746
IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 135...
CVE-2017-1696
IBM QRadar 7.2 and 7.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Fo...
CVE-2017-1423
IBM WebSphere Portal 8.5 and 9.0 exposes backend server URLs that are configured for usage by the Web Application Bridge component. IBM X-Force ID: 127476.
CVE-2017-1494
IBM Business Process Manager 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a t...
CVE-2017-1727
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 discloses sensitive information in error messages that could aid an attacker in further attacks against the system. IBM X-Force ID: 134869.
CVE-2017-1699
IBM MQ Managed File Transfer Agent 8.0 and 9.0 sets insecure permissions on certain files it creates. A local attacker could exploit this vulnerability to modify or delete data contained in the files with an unknown impact. IBM X-Force ID: 134391.
CVE-2017-1673
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials dis...
CVE-2017-1672
IBM Tivoli Key Lifecycle Manager 2.6 and 2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 133639.

Copyright 2018, cxsecurity.com

 

Back to Top