TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend.
https://security-tracker.debian.org/tracker/CVE-2010-3663
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719
https://typo3.org/security/advisory/typo3-sa-2010-012/#Arbitrary_Code_Execution
Source: Mitre, NVD
Published: 2019-11-04
Updated: 2019-11-05
Base Score: 6.5
Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P
Severity: Medium
Base Score: 8.8
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: High
EPSS: 0.03147