CVE-2017-14251

Source
https://nvd.nist.gov/vuln/detail/CVE-2017-14251
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-14251.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-14251
Aliases
Published
2017-09-11T09:29:00Z
Modified
2024-10-12T02:44:48.347784Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code.

References

Affected packages

Git / github.com/benjaminkott/bootstrap_package

Affected ranges

Type
GIT
Repo
https://github.com/benjaminkott/bootstrap_package
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Last affected
Type
GIT
Repo
https://github.com/typo3/typo3.cms
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected

Affected versions

6.*

6.2.0
6.2.1
6.2.10
6.2.11
6.2.12
6.2.13
6.2.14
6.2.15
6.2.2
6.2.3
6.2.4
6.2.5
6.2.6
6.2.7
6.2.8
6.2.9

7.*

7.0.0
7.1.0
7.2.0
7.3.0
7.4.0
7.5.0
7.6.0
7.6.1
7.6.2
7.6.3
7.6.4
7.6.5
7.6.6
7.6.7
7.6.8

8.*

8.0.0
8.1.0
8.1.1

Other

TYPO3_6-1-0rc1
TYPO3_6-2-0
TYPO3_6-2-0alpha1
TYPO3_6-2-0alpha2
TYPO3_6-2-0alpha3
TYPO3_6-2-0beta1
TYPO3_6-2-0beta2
TYPO3_6-2-0beta3
TYPO3_6-2-0beta4
TYPO3_6-2-0beta5
TYPO3_6-2-0beta6
TYPO3_6-2-0beta7
TYPO3_6-2-0rc1
TYPO3_6-2-0rc2
TYPO3_6-2-1
TYPO3_6-2-2
TYPO3_6-2-3
TYPO3_7-0-0
TYPO3_7-1-0
TYPO3_7-2-0
TYPO3_7-3-0
TYPO3_7-4-0
TYPO3_7-5-0
TYPO3_7-6-0
TYPO3_7-6-1
TYPO3_7-6-2
TYPO3_7-6-3
TYPO3_7-6-4
TYPO3_7-6-5
TYPO3_7-6-6
TYPO3_7-6-7
TYPO3_7-6-8
TYPO3_8-0-0
TYPO3_8-1-0
TYPO3_8-1-1

v6.*

v6.2.10
v6.2.11
v6.2.12
v6.2.13
v6.2.14
v6.2.15
v6.2.4
v6.2.5
v6.2.6
v6.2.7
v6.2.8
v6.2.9

v7.*

v7.0.0