CVE-2010-3663: Unrestricted Upload of File with Dangerous Type

April 21, 2022 (updated February 6, 2024)

TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend.

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719
github.com/advisories/GHSA-wjpc-gjf7-9938
nvd.nist.gov/vuln/detail/CVE-2010-3663
security-tracker.debian.org/tracker/CVE-2010-3663
typo3.org/security/advisory/typo3-sa-2010-012/

Code Behaviors & Features

Detect and mitigate CVE-2010-3663 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →