Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-30451

In TYPO3 11.5.24, the filelist component allows attackers (who have access to the administrator panel) to read arbitrary files via directory traversal in the baseuri field, as demonstrated by POST /typo3/record/edit with ../../../ in data[sys_file_storage]*[data][sDEF][lDEF][basePath][vDEF].

Published

2023-12-25T05:15:08.553

Last Modified

2024-11-21T08:00:12.673

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.9 (MEDIUM)

Weaknesses

Type: Primary
CWE-22

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	typo3	typo3	11.5.24	Yes

References

http://packetstormsecurity.com/files/176274/TYPO3-11.5.24-Path-Traversal.html Third Party Advisory, VDB Entry ([email protected])
http://packetstormsecurity.com/files/176274/TYPO3-11.5.24-Path-Traversal.html Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)