Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
TYPO3 Improper Control of Generation of Code (Code Injection) Vulnerability - CVE-2013-4321 - Vulnerability Database
TYPO3

TYPO3 Improper Control of Generation of Code (Code Injection) Vulnerability - CVE-2013-4321

Medium
Reference: CVE-2013-4321
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2013-4321
Title: TYPO3 Improper Control of Generation of Code (Code Injection) Vulnerability
Overview:

The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.4 allows remote authenticated editors to execute arbitrary PHP code via unspecified characters in the file extension when renaming a file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4250.