797 B
797 B
CVE-2010-3663
Description
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend.
POC
Reference
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719
- https://typo3.org/security/advisory/typo3-sa-2010-012/#Arbitrary_Code_Execution
Github
No PoCs found on GitHub currently.