2.0.1

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

jerome-schneider

typo3

NVD

Published: 2011-10-04

Updated: 2017-08-29

Summary

Unspecified vulnerability in the Drag Drop Mass Upload (ameos_dragndropupload) extension 2.0.2 and earlier for TYPO3 allows remote attackers to upload arbitrary files via unknown vectors.

Vulnerable Configurations

Part	Description	Count
Application	Jerome_Schneider Jerome Schneider Ameos Dragndropupload 2.0.0 Jerome Schneider Ameos Dragndropupload 2.0.1 Jerome Schneider Ameos Dragndropupload *	3
Application	Typo3 Typo3 Typo3 *	1

References

http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2011-010/
http://www.securityfocus.com/bid/49516
https://exchange.xforce.ibmcloud.com/vulnerabilities/69694