Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

WS-2018-0155

Good to know:

icon

Date: July 12, 2018

In TYPO3, versions 7.0.0 to 7.6.29, 8.0.0 to 8.7.16 and 9.0.0 to 9.3.0, Phar files (formerly known as 'PHP archives') can act as self extracting archives which leads to the fact that source code is executed when Phar files are invoked. The Phar file format is not limited to be stored with a dedicated file extension - 'bundle.phar' would be valid as well as 'bundle.txt' would be. This way, Phar files can be obfuscated as image or text file which would not be denied from being uploaded and persisted to a TYPO3 installation. Due to a missing sanitization of user input, those Phar files can be invoked by manipulated URLs in TYPO3 backend forms. A valid backend user account is needed to exploit this vulnerability. In theory the attack vector would be possible in the TYPO3 frontend as well, however no functional exploit has been identified so far.

Language: PHP

Severity Score

Related Resources (4)

https://github.com/TYPO3/TYPO3.CMS/commit/b3b7d453a20e140a1d81d609ef4b9c61932238ab
https://github.com/TYPO3/TYPO3.CMS/commit/421ef424220f16e1078719d49b1b210e78233772
https://github.com/TYPO3/TYPO3.CMS/commit/b6a04a1278e5336eaf0faca3268dbcb843a0ba7a
https://www.mend.io/vulnerability-database/WS-2018-0155

Severity Score

Weakness Type (CWE)

Code

CWE-17

Source Code

CWE-18

Top Fix

icon

Upgrade Version

Upgrade to version TYPO3_7-6-30,TYPO3_8-7-17,v9.3.1

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

Do you need more information?

Contact Us