Vulnerabilities > CVE-2015-4607 - Arbitrary File Upload vulnerability in Frontend User Upload Project Frontend User Upload 0.5.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Unrestricted file upload vulnerability in the Frontend User Upload (feupload) extension 0.5.0 and earlier for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension using a frontend form, then accessing it via a direct request to the file in the fileadmin folder. <a href="http://cwe.mitre.org/data/definitions/434.html">CWE-434: Unrestricted Upload of File with Dangerous Type</a>
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |