CVE Vulnerabilities

CVE-2013-4320

Published: May 20, 2014 | Modified: Apr 12, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5.5 MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu
root.io minimus.io echohq.com

The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.9 and 6.1.x before 6.1.4 does not properly check permissions, which allows remote authenticated users to create or read arbitrary files via a crafted URL.

Affected Software

Name Vendor Start Version End Version
Typo3 Typo3 6.1 (including) 6.1 (including)
Typo3 Typo3 6.1.1 (including) 6.1.1 (including)
Typo3 Typo3 6.1.2 (including) 6.1.2 (including)
Typo3 Typo3 6.1.3 (including) 6.1.3 (including)

References