CVE-2014-6298
mm_forum < 1.9.3 - Unauthenticated Arbitrary File Upload and Remote Code Execution
Title source: llmDescription
Unrestricted file upload vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors.
References (2)
Core 2
Core References
Patch x_refsource_confirm
http://typo3.org/extensions/repository/view/mm_forum
Patch, Vendor Advisory x_refsource_misc
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-001/
Scores
EPSS
0.0233
EPSS Percentile
81.4%
Details
CWE
CWE-94
Status
published
Products (15)
mm_forum_project/mm_forum
0.1.0
mm_forum_project/mm_forum
0.1.1
mm_forum_project/mm_forum
0.1.2
mm_forum_project/mm_forum
0.1.3
mm_forum_project/mm_forum
0.1.4
mm_forum_project/mm_forum
0.1.5
mm_forum_project/mm_forum
0.1.6
mm_forum_project/mm_forum
0.1.7
mm_forum_project/mm_forum
0.1.8
mm_forum_project/mm_forum
1.8.1
... and 5 more
Published
Oct 03, 2014
Tracked Since
Feb 18, 2026