CVE-2009-0258
TYPO3 4.0.0-4.0.9, 4.1.0-4.1.7, 4.2.0-4.2.3 - Remote Code Execution via Indexed Search Engine Filename
The Indexed Search Engine (indexed_search) system extension in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to execute arbitrary commands via a crafted filename containing shell metacharacters, which is not properly handled by the command-line indexer.
References (7)
Core References
Vendor Advisory (x_refsource_confirm): http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/
Vendor Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/33617
Third Party Advisory (vendor-advisory, x_refsource_debian): http://www.debian.org/security/2009/dsa-1711
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/48138
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/33376
Mailing List (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2009/01/23/4
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/33679
Scores
EPSS: 0.0339
EPSS Percentile: 87.6%
Details
CWE: CWE-20
Status: published
Products (23)
typo3/cms 4.0.0 - 4.0.10 (Packagist)
typo3/typo3 4.0
typo3/typo3 4.0.1
typo3/typo3 4.0.2
typo3/typo3 4.0.3
typo3/typo3 4.0.4
typo3/typo3 4.0.5
typo3/typo3 4.0.6
typo3/typo3 4.0.7
typo3/typo3 4.0.8
... and 13 more
Published: Jan 22, 2009
Tracked Since: Feb 18, 2026