CVE-2013-4321 | SynScan

Vulnerability Database

290,020

Total vulnerabilities in the database

CVE-2013-4321

The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.4 allows remote authenticated editors to execute arbitrary PHP code via unspecified characters in the file extension when renaming a file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4250.

Published: May 20, 2014
Updated: Apr 13, 2023
CVE: CVE-2013-4321
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-94

Affected Software
References

Software	From	Fixed in
typo3 / typo3	6.1.3	6.1.3.x
typo3 / typo3	6.1.1	6.1.1.x
typo3 / typo3	6.1	6.1.x
typo3 / typo3	6.1.2	6.1.2.x
typo3 / typo3	6.0.1	6.0.1.x
typo3 / typo3	6.0.3	6.0.3.x
typo3 / typo3	6.0.2	6.0.2.x
typo3 / typo3	6.0	6.0.x
typo3 / typo3	6.0.6	6.0.6.x
typo3 / typo3	6.0.5	6.0.5.x
typo3 / typo3	6.0.7	6.0.7.x
typo3 / typo3	6.0.4	6.0.4.x

https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-003/