Typo3 Arbitrary File Disclosure in Form Component · GHSA-wrpf-2x8h-82gr · GitHub Advisory Database · GitHub

Typo3 Arbitrary File Disclosure in Form Component

Moderate severity GitHub Reviewed Published Jun 4, 2024 to the GitHub Advisory Database • Updated Jun 4, 2024

Package

typo3/cms (Composer)

Affected versions

>= 6.2.0, < 6.2.20

Patched versions

6.2.20

Description

Failing to properly validate user input, the form component is susceptible to Arbitrary File Disclosure. A valid backend user account is needed to exploit this vulnerability. Only forms are vulnerable, which contain upload fields.

References

Published to the GitHub Advisory Database Jun 4, 2024

Reviewed Jun 4, 2024

Last updated Jun 4, 2024