Arbitrary File Creation and Read Vulnerability in TYPO3 File Abstraction Layer (FAL)

Arbitrary File Creation and Read Vulnerability in TYPO3 File Abstraction Layer (FAL)

CVE-2013-4320 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:N

The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.9 and 6.1.x before 6.1.4 does not properly check permissions, which allows remote authenticated users to create or read arbitrary files via a crafted URL.

Learn more about our User Device Pen Test.