BIT-typo3-2023-30451

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/typo3/BIT-typo3-2023-30451.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-typo3-2023-30451
Aliases
Published
2024-03-06T11:08:11.111Z
Modified
2024-03-06T11:25:28.861Z
Summary
[none]
Details

In TYPO3 11.5.24, the filelist component allows attackers (who have access to the administrator panel) to read arbitrary files via directory traversal in the baseuri field, as demonstrated by POST /typo3/record/edit with ../../../ in data[sysfilestorage]*[data][sDEF][lDEF][basePath][vDEF].

References

Affected packages

Bitnami / typo3

Package

Name
typo3
Purl
pkg:bitnami/typo3

Severity

  • 4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
11.5.24
Last affected
11.5.24