PROBLEM:
Some vulnerabilities have been reported in TYPO3.
PLATFORM:
TYPO3 6.x
ABSTRACT:
TYPO3 allows administrators to restrict editors to certain file actions (copy, delete, move, etc.) and to restrict the locations in which these actions may be performed.
REFERENCE LINKS:
Secunia Advisory SA54717
Security Focus ID 62257
IMPACT ASSESSMENT:
Medium
DISCUSSION:
1) Some errors when handling file actions can be exploited to bypass file action permission restrictions and, for example, create or read arbitrary files within or outside the webroot.
2) An error when validating file names within the file renaming functionality can be exploited to bypass the denied file extensions check by inserting certain special characters and, for example, rename files to have the PHP file extension.
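A defensive check for the rename case in item 2, as an added example that is not TYPO3's code and not part of the original advisory. The advisory does not name the special characters involved, so this sketch rejects every character outside a small allowlist instead of trying to strip specific ones; the function name `isSafeRenameTarget` and the deny list are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed deny list for illustration; not TYPO3's configured pattern.
const DENIED_EXTENSIONS = ['php', 'php3', 'php4', 'php5', 'phtml', 'phar', 'htaccess'];

/**
 * Hypothetical helper: returns true only if $newName may be used as a rename target.
 * The name is rejected, never "cleaned", so the string that was validated is
 * byte-for-byte the string that reaches the filesystem.
 */
function isSafeRenameTarget(string $newName): bool
{
    if ($newName === '' || strlen($newName) > 255) {
        return false;
    }
    // Allowlist of characters. \A and \z anchor to the true start and end of the
    // string; "$" would also match before a trailing newline.
    if (preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]*\z/', $newName) !== 1) {
        return false; // control bytes, path separators, spaces, leading dot, ...
    }
    if (substr($newName, -1) === '.') {
        return false; // a trailing dot is dropped by some filesystems
    }
    // Check every dot-separated segment after the base name, case-insensitively,
    // because some web server configurations honour inner extensions as well.
    $segments = explode('.', strtolower($newName));
    array_shift($segments);
    foreach ($segments as $segment) {
        if (in_array($segment, DENIED_EXTENSIONS, true)) {
            return false;
        }
    }
    return true;
}

// Constructed sample names, not taken from the advisory.
$samples = ['report.pdf', 'Image.PHP', 'notes.php.txt', "notes.txt\n", "notes.txt\0", 'sub/notes.txt'];
foreach ($samples as $name) {
    printf("%-20s %s\n", json_encode($name), isSafeRenameTarget($name) ? 'accept' : 'reject');
}
```

Only `report.pdf` is accepted; the other names are rejected either by the character allowlist or by the per-segment extension check.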
IMPACT:
Cross-Site Scripting
Remote Code Execution
SOLUTION:
The vendor recommends updating to the current release version.