Vulnerability Details CVE-2015-4606
Unrestricted file upload vulnerability in the Job Fair (jobfair) extension before 1.0.1 for TYPO3, when using Apache with mod_mime, allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the extension upload folder.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.017
EPSS Ranking 81.5%
CVSS Severity
CVSS v2 Score 7.5
References
- http://typo3.org/extensions/repository/view/jobfair
- http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2015-013/
- http://www.securityfocus.com/bid/75238
- http://typo3.org/extensions/repository/view/jobfair
- http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2015-013/
- http://www.securityfocus.com/bid/75238
Products affected by CVE-2015-4606
-
cpe:2.3:a:job_fair_project:job_fair:0.0.1
-
cpe:2.3:a:job_fair_project:job_fair:0.0.2
-
cpe:2.3:a:job_fair_project:job_fair:0.0.3
-
cpe:2.3:a:job_fair_project:job_fair:0.0.4
-
cpe:2.3:a:job_fair_project:job_fair:0.0.5
-
cpe:2.3:a:job_fair_project:job_fair:0.0.6
-
cpe:2.3:a:job_fair_project:job_fair:0.0.7
-
cpe:2.3:a:job_fair_project:job_fair:0.0.8
-
cpe:2.3:a:job_fair_project:job_fair:0.1.0
-
cpe:2.3:a:job_fair_project:job_fair:0.1.1
-
cpe:2.3:a:job_fair_project:job_fair:0.1.2
-
cpe:2.3:a:job_fair_project:job_fair:0.1.3
-
cpe:2.3:a:job_fair_project:job_fair:1.0.0