Extbase for TYPO3 allows RCE
High severity
GitHub Reviewed
Published
May 17, 2022
to the GitHub Advisory Database
•
Updated Jul 31, 2023
Package
Affected versions
< 6.2.24
>= 7.0, < 7.6.8
= 8.1.1
Patched versions
6.2.24
7.6.8
Description
Published by the National Vulnerability Database
Jan 23, 2017
Published to the GitHub Advisory Database
May 17, 2022
Reviewed
Jul 31, 2023
Last updated
Jul 31, 2023
Extbase in TYPO3 4.3.0 before 6.2.24, 7.x before 7.6.8, and 8.1.1 allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted Extbase action.
References