GHSA-p9jg-9w87-6rg4

Suggest an improvement
Source
https://github.com/advisories/GHSA-p9jg-9w87-6rg4
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-p9jg-9w87-6rg4/GHSA-p9jg-9w87-6rg4.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-p9jg-9w87-6rg4
Aliases
  • CVE-2013-4320
Published
2022-05-17T04:43:27Z
Modified
2023-11-08T03:57:22.205125Z
Summary
TYPO3 Improper Access Management in the File Abstraction Layer
Details

The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.9 and 6.1.x before 6.1.4 does not properly check permissions, which allows remote authenticated users to create or read arbitrary files via a crafted URL.

References

Affected packages

Packagist / typo3/cms-core

Package

Name
typo3/cms-core
Purl
pkg:composer/typo3/cms-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.0
Fixed
6.0.9

Packagist / typo3/cms-core

Package

Name
typo3/cms-core
Purl
pkg:composer/typo3/cms-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.1
Fixed
6.1.4