Lucene search
GoogleOSV:GHSA-3GJC-MP82-FJ4QHistoryDec 25, 2023 - 6:30 a.m.
TYPO3 Arbitrary File Read via Directory Traversal
2023-12-2506:30:20
Google
osv.dev
8
typo3
arbitrary file read
directory traversal
In TYPO3 11.5.24, the filelist component allows attackers (who have access to the administrator panel) to read arbitrary files via directory traversal in the baseuri field, as demonstrated by POST /typo3/record/edit with ../../../ in data[sys_file_storage]*[data][sDEF][lDEF][basePath][vDEF].
| CPE | Name | Operator | Version |
|---|---|---|---|
| typo3/cms-core | eq | 11.5.24 |
Related
osv
osv
Path Traversal in TYPO3 File Abstraction Layer Storages
2024-02-13 19:08:10
BIT-typo3-2023-30451
2024-03-06 11:08:11
nvd
nvd
CVE-2023-30451
2023-12-25 05:15:08
zdt
zdt
TYPO3 11.5.24 Path Traversal Vulnerability
2023-12-20 00:00:00
veracode
veracode
Path Traversal
2023-12-28 11:34:09
cve
cve
CVE-2023-30451
2023-12-25 05:15:08
github
github
Path Traversal in TYPO3 File Abstraction Layer Storages
2024-02-13 19:08:10
nessus
nessus
prion
prion
Directory traversal
2023-12-25 05:15:00
packetstorm
packetstorm
TYPO3 11.5.24 Path Traversal
2023-12-20 00:00:00
exploitdb
exploitdb
TYPO3 11.5.24 - Path Traversal (Authenticated)
2024-03-18 00:00:00
cvelist
cvelist
CVE-2023-30451
2023-12-25 00:00:00
freebsd
freebsd
typo3-{11,12} -- multiple vulnerabilities
2024-02-13 00:00:00