Vulnerability Description
The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2, when the DAM extension or ftp upload is enabled, allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Typo3 | Typo3 | <= 4.0.12 |
Related Weaknesses (CWE)
References
- http://marc.info/?l=oss-security&m=125632856206736&w=2
- http://secunia.com/advisories/37122 (Vendor Advisory)
- http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/ (Patch, Vendor Advisory)
- http://www.securityfocus.com/bid/36801 (Patch)
- http://www.vupen.com/english/advisories/2009/3009 (Patch, Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/53923
FAQ
What is CVE-2009-3631?
CVE-2009-3631 is a vulnerability with a CVSS score of 8.5 (HIGH). The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2, when the DAM extension or ftp upload is enabled, allows remote authenticated ...
How severe is CVE-2009-3631?
CVE-2009-3631 has been rated HIGH with a CVSS base score of 8.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-3631?
Check the references section above for vendor advisories and patch information. Affected products include: Typo3 Typo3.