Component Type: Third Party Extension. This extension is third party code that has not been submitted to the TYPO3 extension review process yet. The extension is not part of TYPO3 default installations.
Affected Component: moc_filemanager
Version: 0.7.1 and earlier
Vulnerability Type: Information Disclosure
Severity: High
Problem Description:
A bug has been discovered in MOC filemanager (v. 0.7.1 and earlier): An offender may gain illegal read access to files on the server.
Solution:
An updated version (0.8.0) of the extension can be found on typo3.org/extensions/repository/list/moc_filemanager or via Extension Manager.
All users of this extension are advised to immediatly update this extension.
Credits:
Thanks to the author (Jan-Erik Revsbech) for notifying us and for providing a fixed version.