CVE-2010-5102

Published: May 21, 2012Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Directory traversal vulnerability in mod/tools/em/class.em_unzip.php in the unzip library in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote attackers to write arbitrary files via unspecified vectors.

Affected (29)

Products: Typo3: Typo3

1 product

Configuration A

29 vulnerable

Vulnerable Software	Affected Versions
Typo3 Typo3	Version 4.2.0
Typo3 Typo3	Version 4.2.10
Typo3 Typo3	Version 4.2.11
Typo3 Typo3	Version 4.2.12
Typo3 Typo3	Version 4.2.13
Typo3 Typo3	Version 4.2.14
Typo3 Typo3	Version 4.2.15
Typo3 Typo3	Version 4.2.1
Typo3 Typo3	Version 4.2.2
Typo3 Typo3	Version 4.2.3
Typo3 Typo3	Version 4.2.4
Typo3 Typo3	Version 4.2.5
Typo3 Typo3	Version 4.2.6
Typo3 Typo3	Version 4.2.7
Typo3 Typo3	Version 4.2.8
Typo3 Typo3	Version 4.2.9
Typo3 Typo3	Version 4.3.0
Typo3 Typo3	Version 4.3.1
Typo3 Typo3	Version 4.3.2
Typo3 Typo3	Version 4.3.3
Typo3 Typo3	Version 4.3.4
Typo3 Typo3	Version 4.3.5
Typo3 Typo3	Version 4.3.6
Typo3 Typo3	Version 4.3.7
Typo3 Typo3	Version 4.3.8
Typo3 Typo3	Version 4.4.1
Typo3 Typo3	Version 4.4.2
Typo3 Typo3	Version 4.4.3
Typo3 Typo3	Version 4.4.4

Related CWEs

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (22)

http://bugs.typo3.org/view.php?id=16362

Source: secalert@redhat.com

http://secunia.com/advisories/35770

Source: secalert@redhat.com

Vendor Advisory

http://securesystems.ca/advisory.php?id=2010-001

Source: secalert@redhat.com

http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/

Source: secalert@redhat.com

Vendor Advisory

http://www.openwall.com/lists/oss-security/2011/01/13/2

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2012/05/10/7

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2012/05/11/3

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2012/05/12/5

Source: secalert@redhat.com

http://www.osvdb.org/70119

Source: secalert@redhat.com

http://www.securityfocus.com/bid/45470

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/64180

Source: secalert@redhat.com

http://bugs.typo3.org/view.php?id=16362

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/35770

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://securesystems.ca/advisory.php?id=2010-001

Source: af854a3a-2127-422b-91ae-364da2661108

http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.openwall.com/lists/oss-security/2011/01/13/2

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2012/05/10/7

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2012/05/11/3

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2012/05/12/5

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/70119

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/45470

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/64180

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.