Vulnerability CVE-2023-30451
Published: 2023-12-25
Description:
In TYPO3 11.5.24, the filelist component allows attackers (who have access to the administrator panel) to read arbitrary files via directory traversal in the baseuri field, as demonstrated by POST /typo3/record/edit with ../../../ in data[sys_file_storage]*[data][sDEF][lDEF][basePath][vDEF].
See advisories in our WLB2 database:
| Topic | Author | Date |
| Med. | Saeed reza Zaman... | 20.12.2023 |
| Med. | Saeed reza Zaman... | 20.03.2024 |
Type:
CWE-22 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))
References:
http://packetstormsecurity.com/files/176274/TYPO3-11.5.24-Path-Traversal.html
Copyright 2024, cxsecurity.com