Vulnerability Description
A vulnerability has been found in fabarea media_upload on TYPO3 and classified as critical. This vulnerability affects the function getUploadedFileList of the file Classes/Service/UploadFileService.php. The manipulation leads to pathname traversal. Upgrading to version 0.9.0 is able to address this issue. The patch is identified as b25d42a4981072321c1a363311d8ea2a4ac8763a. It is recommended to upgrade the affected component. VDB-217786 is the identifier assigned to this vulnerability.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ecodev | Media Upload | < 0.9.0 |
Related Weaknesses (CWE)
References
- https://github.com/fabarea/media_upload/commit/b25d42a4981072321c1a363311d8ea2a4PatchThird Party Advisory
- https://github.com/fabarea/media_upload/issues/6Third Party Advisory
- https://github.com/fabarea/media_upload/releases/tag/0.9.0Third Party Advisory
- https://vuldb.com/?ctiid.217786Third Party Advisory
- https://vuldb.com/?id.217786Third Party Advisory
- https://github.com/fabarea/media_upload/commit/b25d42a4981072321c1a363311d8ea2a4PatchThird Party Advisory
- https://github.com/fabarea/media_upload/issues/6Third Party Advisory
- https://github.com/fabarea/media_upload/releases/tag/0.9.0Third Party Advisory
- https://vuldb.com/?ctiid.217786Third Party Advisory
- https://vuldb.com/?id.217786Third Party Advisory
FAQ
What is CVE-2016-15017?
CVE-2016-15017 is a vulnerability with a CVSS score of 5.5 (MEDIUM). A vulnerability has been found in fabarea media_upload on TYPO3 and classified as critical. This vulnerability affects the function getUploadedFileList of the file Classes/Service/UploadFileService.ph...
How severe is CVE-2016-15017?
CVE-2016-15017 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-15017?
Check the references section above for vendor advisories and patch information. Affected products include: Ecodev Media Upload.