Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code.

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Typo3 | Typo3 | 7.6.0 (including) | 7.6.0 (including) |
Typo3 | Typo3 | 7.6.1 (including) | 7.6.1 (including) |
Typo3 | Typo3 | 7.6.2 (including) | 7.6.2 (including) |
Typo3 | Typo3 | 7.6.3 (including) | 7.6.3 (including) |
Typo3 | Typo3 | 7.6.4 (including) | 7.6.4 (including) |
Typo3 | Typo3 | 7.6.5 (including) | 7.6.5 (including) |
Typo3 | Typo3 | 7.6.6 (including) | 7.6.6 (including) |
Typo3 | Typo3 | 7.6.7 (including) | 7.6.7 (including) |
Typo3 | Typo3 | 7.6.8 (including) | 7.6.8 (including) |
Typo3 | Typo3 | 7.6.9 (including) | 7.6.9 (including) |
Typo3 | Typo3 | 7.6.10 (including) | 7.6.10 (including) |
Typo3 | Typo3 | 7.6.11 (including) | 7.6.11 (including) |
Typo3 | Typo3 | 7.6.12 (including) | 7.6.12 (including) |
Typo3 | Typo3 | 7.6.13 (including) | 7.6.13 (including) |
Typo3 | Typo3 | 7.6.14 (including) | 7.6.14 (including) |
Typo3 | Typo3 | 7.6.15 (including) | 7.6.15 (including) |
Typo3 | Typo3 | 7.6.16 (including) | 7.6.16 (including) |
Typo3 | Typo3 | 7.6.17 (including) | 7.6.17 (including) |
Typo3 | Typo3 | 7.6.18 (including) | 7.6.18 (including) |
Typo3 | Typo3 | 7.6.19 (including) | 7.6.19 (including) |
Typo3 | Typo3 | 7.6.20 (including) | 7.6.20 (including) |
Typo3 | Typo3 | 7.6.21 (including) | 7.6.21 (including) |
Typo3 | Typo3 | 8.0.0 (including) | 8.0.0 (including) |
Typo3 | Typo3 | 8.0.1 (including) | 8.0.1 (including) |
Typo3 | Typo3 | 8.1.0 (including) | 8.1.0 (including) |
Typo3 | Typo3 | 8.1.1 (including) | 8.1.1 (including) |
Typo3 | Typo3 | 8.1.2 (including) | 8.1.2 (including) |
Typo3 | Typo3 | 8.2.0 (including) | 8.2.0 (including) |
Typo3 | Typo3 | 8.2.1 (including) | 8.2.1 (including) |
Typo3 | Typo3 | 8.3.0 (including) | 8.3.0 (including) |
Typo3 | Typo3 | 8.3.1 (including) | 8.3.1 (including) |
Typo3 | Typo3 | 8.4.0 (including) | 8.4.0 (including) |
Typo3 | Typo3 | 8.4.1 (including) | 8.4.1 (including) |
Typo3 | Typo3 | 8.5.0 (including) | 8.5.0 (including) |
Typo3 | Typo3 | 8.5.1 (including) | 8.5.1 (including) |
Typo3 | Typo3 | 8.6.0 (including) | 8.6.0 (including) |
Typo3 | Typo3 | 8.6.1 (including) | 8.6.1 (including) |
Typo3 | Typo3 | 8.7.0 (including) | 8.7.0 (including) |
Typo3 | Typo3 | 8.7.1 (including) | 8.7.1 (including) |
Typo3 | Typo3 | 8.7.2 (including) | 8.7.2 (including) |
Typo3 | Typo3 | 8.7.3 (including) | 8.7.3 (including) |
Typo3 | Typo3 | 8.7.4 (including) | 8.7.4 (including) |
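
The deny-pattern gap described at the top of this entry can be audited mechanically. The following is an added example, not TYPO3 code: both regular expressions, the list of extensions handed to PHP, and the allow-list are constructed assumptions used to show how a deny-list misses one extension and how an allow-list avoids the problem.

```python
import re

# Constructed deny pattern in the style of a CMS fileDenyPattern setting
# (an assumption for illustration, not copied from TYPO3 source): it blocks
# common PHP extensions but omits "pht".
DENY_WITHOUT_PHT = r"\.(php[3-7]?|phpsh|phtml)(\..*)?$|^\.htaccess$"
# Same constructed pattern with "pht" added to the alternation.
DENY_WITH_PHT = r"\.(php[3-7]?|phpsh|phtml|pht)(\..*)?$|^\.htaccess$"

# Assumed set of extensions the web server hands to the PHP interpreter.
# Read the real set from your server's handler configuration.
PHP_HANDLED_EXTENSIONS = ["php", "php5", "php7", "phtml", "pht"]

# Assumed upload allow-list for the comparison at the end.
ALLOWED_EXTENSIONS = {"jpg", "png", "pdf", "txt"}


def is_denied(filename, deny_pattern):
    """True if the deny pattern rejects the name (case-insensitive search)."""
    return re.search(deny_pattern, filename, re.IGNORECASE) is not None


def deny_list_gaps(deny_pattern, handled_extensions):
    """Return handled extensions that the deny pattern lets through,
    checking lower-case, upper-case and double-extension variants."""
    gaps = []
    for ext in handled_extensions:
        variants = [f"upload.{ext}", f"upload.{ext.upper()}", f"upload.{ext}.txt"]
        if not all(is_denied(name, deny_pattern) for name in variants):
            gaps.append(ext)
    return gaps


def is_allowed(filename, allowed=ALLOWED_EXTENSIONS):
    """Allow-list check: every dot-separated suffix must be on the list."""
    parts = filename.lower().split(".")
    return len(parts) > 1 and all(p in allowed for p in parts[1:])


if __name__ == "__main__":
    print("gaps, pattern without pht:", deny_list_gaps(DENY_WITHOUT_PHT, PHP_HANDLED_EXTENSIONS))
    print("gaps, pattern with pht:   ", deny_list_gaps(DENY_WITH_PHT, PHP_HANDLED_EXTENSIONS))
    print("allow-list accepts upload.pht:", is_allowed("upload.pht"))
```

Running the gap check against the extensions your own web server maps to PHP shows whether a configured deny pattern still has holes after upgrading.
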