TYPO3 before 8.7.30 Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) Vulnerability
An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2.
The information has been provided by Vendor
The original article can be found at:https://review.typo3.org/q/%2522Resolves:+%252388764%2522+topic:security
It has been discovered that the extraction of manually uploaded ZIP archives in Extension Manager is vulnerable to directory traversal. Admin privileges are required in order to exploit this vulnerability. (In v9 LTS and later, System Maintainer privileges are also required.)
TYPO3 before 8.7.30
TYPO3 9.x before 9.5.12
TYPO3 10.x before 10.2.2