CVE-2015-4606
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
16/06/2015
Last modified:
12/04/2025
Description
Unrestricted file upload vulnerability in the Job Fair (jobfair) extension before 1.0.1 for TYPO3, when using Apache with mod_mime, allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the extension upload folder.
Impact
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:job_fair_project:job_fair:*:*:*:*:*:typo3:*:* | 1.0.0 (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://typo3.org/extensions/repository/view/jobfair
- http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2015-013/
- http://www.securityfocus.com/bid/75238
- http://typo3.org/extensions/repository/view/jobfair
- http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2015-013/
- http://www.securityfocus.com/bid/75238