漏洞描述
Typo3是一款开源内容管理系统(CMS)和内容管理框架(CMF)软件。 TYPO3 Dictionary (rtgdictionary) extension 0.1.9以及之前的版本中存在未明漏洞。攻击者可以借助未知向量,执行任意代码。
TYPO3 Dictionary extension 未明任意文件上传漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2017-15363: Luracast Restler 3.0.1 via TYPO3 Restler 1.7.1 - Local File Inclusion
- POC CVE-2022-1013: WordPress Personal Dictionary <1.3.4 - Blind SQL Injection
- POC CVE-2018-7662: Couchcms 2.0 Dictionary Disclosure
- POC glodon-linkworks-getimdirectionary-sqli: 广联达 Linkworks GetIMDictionary SQL 注入
- POC url-extension-inspector: URL Extension Inspector
- POC typo3-installer: TYPO3 Installer
- POC typo3-composer: Typo3 composer.json Exposure
- POC typo3-debug-mode: TYPO3 Debug Mode Enabled
- POC pgsql-extensions-rce: PostgreSQL 8.1 Extensions - Remote Code Execution
- Solara /static/nbextensions/ 文件读取漏洞(CVE-2024-39903)
- 昂捷ERP /EnjoyRMIS_WS/WS/ReportTool/cwsqry.asmx GetDictionary SQL 注入漏洞
- Smartbi extensions 任意文件上传漏洞
- TYPO3 Lux Extension SQL注入漏洞