Vulnerability Database

290,020

Total vulnerabilities in the database

CVE-2010-3663

TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend.

  • Published: Nov 4, 2019
  • Updated: Apr 13, 2023
  • CVE: CVE-2010-3663
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 8.8
  • AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: Medium
  • Score: 6.5
  • AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

Software From Fixed in
typo3 / typo3 4.4.0 4.4.1
typo3 / typo3 4.3.0 4.3.4
typo3 / typo3 - 4.1.14
typo3 / typo3 4.2.0 4.2.13