NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2016-15017

Summary	A vulnerability has been found in fabarea media_upload on TYPO3 and classified as critical. This vulnerability affects the function getUploadedFileList of the file Classes/Service/UploadFileService.php. The manipulation leads to pathname traversal. Upgrading to version 0.9.0 is able to address this issue. The patch is identified as b25d42a4981072321c1a363311d8ea2a4ac8763a. It is recommended to upgrade the affected component. VDB-217786 is the identifier assigned to this vulnerability.
Publication Date	Jan. 11, 2023, 12:15 a.m.
Registration Date	Jan. 11, 2023, 10:01 a.m.
Last Update	Nov. 21, 2024, 11:45 a.m.

CVSS3.1 : CRITICAL
スコア	9.8
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃に必要な特権レベル(PR)	不要
利用者の関与(UI)	不要
影響の想定範囲(S)	変更なし
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:ecodev:media_upload::::::typo3::*					0.9.0

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/fabarea/media_upload/commit/b25d42a4981072321c1a363311d8ea2a4ac8763a		Patch Third Party Advisory
2	https://github.com/fabarea/media_upload/commit/b25d42a4981072321c1a363311d8ea2a4ac8763a		Patch Third Party Advisory
3	https://github.com/fabarea/media_upload/issues/6		Third Party Advisory
4	https://github.com/fabarea/media_upload/issues/6		Third Party Advisory
5	https://github.com/fabarea/media_upload/releases/tag/0.9.0		Third Party Advisory
6	https://github.com/fabarea/media_upload/releases/tag/0.9.0		Third Party Advisory
7	https://vuldb.com/?ctiid.217786		Third Party Advisory
8	https://vuldb.com/?ctiid.217786		Third Party Advisory
9	https://vuldb.com/?id.217786		Third Party Advisory
10	https://vuldb.com/?id.217786		Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-22	パス・トラバーサル	https://cwe.mitre.org/data/definitions/22.html