nvd-json-data-feeds/CVE-2023/CVE-2023-304xx/CVE-2023-30451.json

{
  "id": "CVE-2023-30451",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-12-25T05:15:08.553",
  "lastModified": "2023-12-26T20:34:16.103",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
      "value": "In TYPO3 11.5.24, the filelist component allows attackers (who have access to the administrator panel) to read arbitrary files via directory traversal in the baseuri field, as demonstrated by POST /typo3/record/edit with ../../../ in data[sys_file_storage]*[data][sDEF][lDEF][basePath][vDEF]."
    },
    {
      "lang": "es",
      "value": "En TYPO3 11.5.24, el componente filelist permite a los atacantes (que tienen acceso al panel de administrador) leer archivos arbitrarios a trav\u00e9s del directory traversal en el campo baseuri, como lo demuestra POST /typo3/record/edit con ../../. ./ en datos[sys_file_storage]*[datos][sDEF][lDEF][basePath][vDEF]."
    }
  ],
  "metrics": {},
  "references": [
    {
      "url": "http://packetstormsecurity.com/files/176274/TYPO3-11.5.24-Path-Traversal.html",
      "source": "cve@mitre.org"
    }
  ]
}