EPSS
Percentile
55.3%
typo3/cms is vulnerable to directory traversal. Manually uploaded Zip archives are not validated and allows for malicious file names containing the ../ characters. This could potentially result in system files being overwritten upon extraction.
../
review.typo3.org/q/%2522Resolves:+%252388764%2522+topic:security
typo3.org/security/advisory/typo3-core-sa-2019-024/