In TYPO3 11.5.24, the filelist... CVE-2023-30451

- AV AC AU C I A
发布: 2023-12-25
修订: 2024-01-03

In TYPO3 11.5.24, the filelist component allows attackers (who have access to the administrator panel) to read arbitrary files via directory traversal in the baseuri field, as demonstrated by POST /typo3/record/edit with ../../../ in data[sys_file_storage]*[data][sDEF][lDEF][basePath][vDEF].

0%
当前有1条漏洞利用/PoC
当前有1条受影响产品信息