CVE-2017-14251

Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:typo3:typo3:7.6.3:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:7.6.4:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:7.6.11:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:7.6.12:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:7.6.19:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:7.6.20:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:8.6.0:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:8.5.1:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:8.2.0:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:8.1.2:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:7.6.5:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:7.6.6:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:8.3.1:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:7.6.0:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:8.7.2:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:8.7.3:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:7.6.16:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:7.6.7:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:8.5.0:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:7.6.15:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:7.6.14:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:7.6.21:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:8.4.0:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:8.1.1:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:8.0.1:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:8.7.4:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:8.4.1:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:8.7.1:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:7.6.1:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:7.6.8:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:7.6.13:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:8.6.1:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:8.7.0:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:7.6.2:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:8.2.1:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:7.6.18:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:7.6.17:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:8.3.0:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:7.6.9:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:7.6.10:*:*:*:*:*:*:*

Information

Published : 2017-09-11 02:29

Updated : 2017-12-03 18:29


NVD link : CVE-2017-14251

Mitre link : CVE-2017-14251


JSON object : View

CWE
CWE-434

Unrestricted Upload of File with Dangerous Type

Advertisement

dedicated server usa

Products Affected

typo3

  • typo3