10

CVE-2008-4188

Unspecified vulnerability in the TYPO3 Secure Directory (kw_secdir) extension before 1.0.2 allows remote attackers to execute arbitrary code via unknown vectors related to "injection of control characters."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Typo3Secure Directory Version <= 1.0.1
Typo3Secure Directory Version0.1.3
Typo3Secure Directory Version1.0.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.06% 0.894
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

http://secunia.com/advisories/31897
Vendor Advisory
http://typo3.org/extensions/repository/view/kw_secdir/1.0.2/
Patch
http://www.securityfocus.com/bid/31253
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/45260