Multiple vulnerabilities in TYPO3 Core

Wed. 11th June, 2008

It has been discovered that the default value of the TYPO3 configuration variable fileDenyPattern allows arbitrary code execution on Apache web servers. Besides that, the library allows Cross Site Scripting (XSS).

This is a companion discussion topic for the original entry at