CVE-2013-4320

Published: May 20, 2014Modified: May 6, 2026

5.5

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:N

Exploitability: 8.0 / Impact: 4.9

Source: NVD

Description

The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.9 and 6.1.x before 6.1.4 does not properly check permissions, which allows remote authenticated users to create or read arbitrary files via a crafted URL.

Affected (13)

Products: Typo3: Typo3

Typo3

1 product

Typo3

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Typo3 Typo3	Version 6.1.1
Typo3 Typo3	Version 6.1.2
Typo3 Typo3	Version 6.1.3
Typo3 Typo3	Version 6.1

Configuration B

9 vulnerable

Vulnerable Software	Affected Versions
Typo3 Typo3	Version 6.0.1
Typo3 Typo3	Version 6.0.2
Typo3 Typo3	Version 6.0.3
Typo3 Typo3	Version 6.0.4
Typo3 Typo3	Version 6.0.5
Typo3 Typo3	Version 6.0.6
Typo3 Typo3	Version 6.0.7
Typo3 Typo3	Version 6.0.8
Typo3 Typo3	Version 6.0

Related CWEs

CWE-264

References (2)

https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-003/

Source: secalert@redhat.com

Vendor Advisory

https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-003/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.