CVE-2010-5102

EPSS 0.49%
Veröffentlicht 21.05.2012 20:55:17
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Directory traversal vulnerability in mod/tools/em/class.em_unzip.php in the unzip library in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote attackers to write arbitrary files via unspecified vectors.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 14

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Typo3 ≫ Typo3 Version4.2.0

Typo3 ≫ Typo3 Version4.2.1

Typo3 ≫ Typo3 Version4.2.2

Typo3 ≫ Typo3 Version4.2.3

Typo3 ≫ Typo3 Version4.2.4

Typo3 ≫ Typo3 Version4.2.5

Typo3 ≫ Typo3 Version4.2.6

Typo3 ≫ Typo3 Version4.2.7

Typo3 ≫ Typo3 Version4.2.8

Typo3 ≫ Typo3 Version4.2.9

Typo3 ≫ Typo3 Version4.2.10

Typo3 ≫ Typo3 Version4.2.11

Typo3 ≫ Typo3 Version4.2.12

Typo3 ≫ Typo3 Version4.2.13

Typo3 ≫ Typo3 Version4.2.14

Typo3 ≫ Typo3 Version4.2.15

Typo3 ≫ Typo3 Version4.3.0

Typo3 ≫ Typo3 Version4.3.1

Typo3 ≫ Typo3 Version4.3.2

Typo3 ≫ Typo3 Version4.3.3

Typo3 ≫ Typo3 Version4.3.4

Typo3 ≫ Typo3 Version4.3.5

Typo3 ≫ Typo3 Version4.3.6

Typo3 ≫ Typo3 Version4.3.7

Typo3 ≫ Typo3 Version4.3.8

Typo3 ≫ Typo3 Version4.4.1

Typo3 ≫ Typo3 Version4.4.2

Typo3 ≫ Typo3 Version4.4.3

Typo3 ≫ Typo3 Version4.4.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.49%	0.628

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

http://secunia.com/advisories/35770

Vendor Advisory

http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/

Vendor Advisory

http://www.openwall.com/lists/oss-security/2011/01/13/2

http://www.openwall.com/lists/oss-security/2012/05/10/7

http://www.openwall.com/lists/oss-security/2012/05/11/3

http://www.openwall.com/lists/oss-security/2012/05/12/5

http://www.securityfocus.com/bid/45470

http://www.osvdb.org/70119

https://exchange.xforce.ibmcloud.com/vulnerabilities/64180

http://bugs.typo3.org/view.php?id=16362

http://securesystems.ca/advisory.php?id=2010-001

https://nvd.nist.gov/vuln/detail/CVE-2010-5102

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-5102

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-5102

EUVD