Security Bulletins

Multiple vulnerabilities in TYPO3 Core

Authors: , Category: TYPO3 CMS June 11, 2008

It has been discovered that the default value of the TYPO3 configuration variable fileDenyPattern allows arbitrary code execution on Apache web servers. Besides that, the library fe_adminlib.inc allows Cross Site Scripting (XSS).

Details