CVE-2010-3663

HIGH

TYPO3 < 4.1.14 - Unrestricted File Upload

Title source: rule

Description

TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value for the variable fileDenyPattern, which could allow remote attackers to execute arbitrary code on the backend.

Scores

CVSS v3 8.8
EPSS 0.0299
EPSS Percentile 86.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-434
Status published

Affected Products (2)

typo3/typo3 < 4.1.14
typo3/cms-backend < 4.1.14 (Packagist)

Timeline

Published Nov 04, 2019
Tracked Since Feb 18, 2026