CVE-2016-15017

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2016-15017
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-15017.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-15017
Published
2023-01-10T15:15:11.100Z
Modified
2026-03-15T22:05:14.812371Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A vulnerability has been found in fabarea media_upload on TYPO3 and classified as critical. This vulnerability affects the function getUploadedFileList of the file Classes/Service/UploadFileService.php. The manipulation leads to pathname traversal. Upgrading to version 0.9.0 is able to address this issue. The patch is identified as b25d42a4981072321c1a363311d8ea2a4ac8763a. It is recommended to upgrade the affected component. VDB-217786 is the identifier assigned to this vulnerability.

References

Affected packages

Git / github.com/fabarea/media_upload

Affected ranges

Type
GIT
Repo
https://github.com/fabarea/media_upload
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
73f24c3d052d2fba03d441a9f530c7909428b495
Fixed
b25d42a4981072321c1a363311d8ea2a4ac8763a
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.9.0"
        }
    ]
}

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-15017.json"