The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2, when the DAM extension or ftp upload is enabled, allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename.
References
Link | Resource |
---|---|
http://marc.info/?l=oss-security&m=125632856206736&w=2 | |
http://secunia.com/advisories/37122 | Vendor Advisory |
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/ | Patch Vendor Advisory |
http://www.securityfocus.com/bid/36801 | Patch |
http://www.vupen.com/english/advisories/2009/3009 | Patch Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/53923 | |
http://marc.info/?l=oss-security&m=125632856206736&w=2 | |
http://secunia.com/advisories/37122 | Vendor Advisory |
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/ | Patch Vendor Advisory |
http://www.securityfocus.com/bid/36801 | Patch |
http://www.vupen.com/english/advisories/2009/3009 | Patch Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/53923 |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 01:07
Type | Values Removed | Values Added |
---|---|---|
References | () http://marc.info/?l=oss-security&m=125632856206736&w=2 - | |
References | () http://secunia.com/advisories/37122 - Vendor Advisory | |
References | () http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/ - Patch, Vendor Advisory | |
References | () http://www.securityfocus.com/bid/36801 - Patch | |
References | () http://www.vupen.com/english/advisories/2009/3009 - Patch, Vendor Advisory | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/53923 - |
Information
Published : 2009-11-02 15:30
Updated : 2024-11-21 01:07
NVD link : CVE-2009-3631
Mitre link : CVE-2009-3631
CVE.ORG link : CVE-2009-3631
JSON object : View
Products Affected
typo3
- typo3
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')