CVE-2021-21357
Broken Access Control in Form Framework
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1 due to improper input validation, attackers can by-pass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form Framework. In the default configuration of the Form Framework this allows attackers to explicitly allow arbitrary mime-types for file uploads - however, default _fileDenyPattern_ successfully blocked files like _.htaccess_ or _malicious.php_. Besides that, attackers can persist those files in any writable directory of the corresponding TYPO3 installation. A valid backend user account with access to the form module is needed to exploit this vulnerability. This is fixed in versions 8.7.40, 9.5.25, 10.4.14, 11.1.1.
TYPO3 es un sistema de gestión de contenidos web de código abierto basado en PHP. En TYPO3 versiones anteriores a la 8.7.40, 9.5.25, 10.4.14, 11.1.1, debido a una validación de entrada inadecuada, los atacantes pueden eludir las restricciones de las opciones predefinidas y enviar datos arbitrarios en el módulo backend del Diseñador de formularios del Marco de formularios. En la configuración por defecto del Form Framework esto permite a los atacantes permitir explícitamente tipos mime arbitrarios para la subida de archivos - sin embargo, el _fileDenyPattern_ por defecto bloquea con éxito archivos como _.htaccess_ o _malicious.php_. Además de eso, los atacantes pueden persistir esos archivos en cualquier directorio con capacidad de escritura de la correspondiente instalación de TYPO3. Se necesita una cuenta de usuario backend válida con acceso al módulo de formularios para explotar esta vulnerabilidad. Esto está corregido en las versiones 8.7.40, 9.5.25, 10.4.14, 11.1.1
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-12-22 CVE Reserved
- 2021-03-23 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-10 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
- CWE-434: Unrestricted Upload of File with Dangerous Type
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-3vg7-jw9m-pc3f | Third Party Advisory | |
| https://packagist.org/packages/typo3/cms-form | Release Notes |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://typo3.org/security/advisory/typo3-core-sa-2021-003 | 2021-03-26 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Typo3 Search vendor "Typo3" | Typo3 Search vendor "Typo3" for product "Typo3" | >= 8.0.0 < 8.7.40 Search vendor "Typo3" for product "Typo3" and version " >= 8.0.0 < 8.7.40" | - |
Affected
| ||||||
| Typo3 Search vendor "Typo3" | Typo3 Search vendor "Typo3" for product "Typo3" | >= 9.0.0 < 9.5.25 Search vendor "Typo3" for product "Typo3" and version " >= 9.0.0 < 9.5.25" | - |
Affected
| ||||||
| Typo3 Search vendor "Typo3" | Typo3 Search vendor "Typo3" for product "Typo3" | >= 10.0.0 < 10.4.14 Search vendor "Typo3" for product "Typo3" and version " >= 10.0.0 < 10.4.14" | - |
Affected
| ||||||
| Typo3 Search vendor "Typo3" | Typo3 Search vendor "Typo3" for product "Typo3" | >= 11.0.0 < 11.1.1 Search vendor "Typo3" for product "Typo3" and version " >= 11.0.0 < 11.1.1" | - |
Affected
| ||||||