Vulnerability Database

290,020

Total vulnerabilities in the database

CVE-2013-4250

The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file extensions, which allow remote authenticated editors to execute arbitrary PHP code by uploading a .php file.

  • Published: May 20, 2014
  • Updated: Apr 13, 2023
  • CVE: CVE-2013-4250
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 6.5
  • AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

Software From Fixed in
typo3 / typo3 6.0.1 6.0.1.x
typo3 / typo3 6.0.3 6.0.3.x
typo3 / typo3 6.0.2 6.0.2.x
typo3 / typo3 6.0 6.0.x
typo3 / typo3 6.0.9 6.0.9.x
typo3 / typo3 6.0.6 6.0.6.x
typo3 / typo3 6.0.5 6.0.5.x
typo3 / typo3 6.0.7 6.0.7.x
typo3 / typo3 6.0.4 6.0.4.x
typo3 / typo3 6.1.1 6.1.1.x
typo3 / typo3 6.1 6.1.x
typo3 / typo3 6.1.2 6.1.2.x