The fileDenyPattern functionality in the PHP file inclusion protection API in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly filter file types, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files, as demonstrated using path traversal sequences with %00 null bytes and CVE-2010-3714 to read the TYPO3 encryption key from localconf.php.
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
| Link | Tags |
|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/ | vendor advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/64180 | vdb entry |
| http://secunia.com/advisories/35770 | third party advisory vendor advisory |
| http://www.openwall.com/lists/oss-security/2012/05/12/5 | mailing list |
| http://www.openwall.com/lists/oss-security/2011/01/13/2 | mailing list |
| http://www.exploit-db.com/exploits/15856 | exploit |
| http://www.openwall.com/lists/oss-security/2012/05/11/3 | mailing list |
| http://www.openwall.com/lists/oss-security/2012/05/10/7 | mailing list |
| http://blog.nibblesec.org/2010/12/typo3-sa-2010-020-typo3-sa-2010-022.html | exploit |