Miggo Logo
Miggo Vulnerability Database
CVE-2008-2717

CVE-2008-2717: TYPO3 Unrestricted File Upload vulnerability

6.5

CVSS Score

Basic Information

CVE ID
CVE-2008-2717
GHSA ID
GHSA-f35p-hcwf-9f9f
EPSS Score
0.5961%
CWE
CWE-434
Published
5/1/2022
Updated
2/9/2024
KEV Status
No
Technology
TechnologyPHP

Technical Details

CVSS Vector
AV:N/AC:L/Au:S/C:P/I:P/A:P
Package NameEcosystemVulnerable VersionsFirst Patched Version
typo3/cms-corecomposer>= 4.0.0, < 4.0.94.0.9
typo3/cms-corecomposer>= 4.1.0, < 4.1.74.1.7
typo3/cms-corecomposer>= 4.2.0, < 4.2.14.2.1

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from TYPO3's use of an insufficient 'fileDenyPattern' regex in Apache configurations. The security bulletin explicitly identifies t3lib_div::verifyFilenameAgainstDenyPattern as the function responsible for enforcing this pattern during file operations. Since this function relied on the vulnerable default regex (which lacked proper restrictions for fileDenyPattern and multi-extension PHP files), it directly enabled the upload bypass. The function's central role in filename validation and its dependency on the flawed configuration make it the clear vulnerable component.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

TYPO* *.*.x ***or* *.*.*, *.*.x ***or* *.*.*, *n* *.*.x ***or* *.*.*, us*s *n insu**i*i*ntly r*stri*tiv* ****ult *il***nyP*tt*rn *or *p****, w*i** *llows r*mot* *tt**k*rs to *yp*ss s**urity r*stri*tions *n* uplo** *on*i*ur*tion *il*s su** *s .*t****s

Reasoning

T** vuln*r**ility st*ms *rom TYPO*'s us* o* *n insu**i*i*nt '*il***nyP*tt*rn' r***x in *p**** *on*i*ur*tions. T** s**urity *ull*tin *xpli*itly i**nti*i*s `t*li*_*iv::v*ri*y*il*n*m****inst**nyP*tt*rn` *s t** *un*tion r*sponsi*l* *or *n*or*in* t*is p*t