Bug #19821

closed

Command execution in sysext indexed_search

Added by Marcus Krause almost 16 years ago. Updated about 6 years ago.

Status: Closed
Priority: Must have
Assignee:
Category: Indexed Search
Target version: -
Start date: 2009-01-14
Due date:
% Done: 0%


Description

references TYPO3 Security Team OTRS issue #2009010510000025

Versions:
4.0 up to trunk (4.0, 4.1, 4.2, trunk)

Problem:
If an attacker is able to create arbitrarily named PDF files (or .txt files, etc.), can place a link to such a file that is not URL-encoded (e.g. in an HTML content element), and can get that page indexed, he is able to execute arbitrary commands.

Solution:
Wrap file arguments in escapeshellarg().

Provided by TYPO3 Security Team
(issue imported from #M10133)
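The pattern behind the report and its fix, as an added illustration in PHP (not indexed_search's own code; the converter path, the function names and the sample file names are assumptions). Nothing in it executes a command; the functions only build the command strings so the unsafe and the hardened form can be compared.

```php
<?php
// Added illustration, not TYPO3's own indexed_search code. It shows the
// pattern behind the report: a file name taken from a crawled page is used
// as an argument of an external converter (pdftotext is assumed here) and
// must be passed to the shell as exactly one argument. Nothing below runs
// a command; the functions only build the command strings.

/** Vulnerable pattern: the raw file name is interpolated into the command. */
function buildCommandUnsafe(string $converter, string $file): string
{
    return $converter . ' -enc UTF-8 ' . $file . ' -';
}

/** Hardened pattern: every externally influenced argument is wrapped. */
function buildCommandSafe(string $converter, string $file): string
{
    return escapeshellarg($converter) . ' -enc UTF-8 ' . escapeshellarg($file) . ' -';
}

/**
 * Defence in depth: only hand files to the converter whose names match what
 * the site actually produces. An allow-list is stricter than escaping and
 * rejects odd names before they reach any command line at all.
 */
function isAcceptableFileName(string $file): bool
{
    return (bool) preg_match('/^[A-Za-z0-9._-]+\.(pdf|txt)$/i', basename($file));
}

// Constructed sample names (not taken from the report).
$normal  = 'annual-report-2008.pdf';
$hostile = 'annual-report-2008.pdf; echo injected'; // contains shell metacharacters

// In the unsafe form the shell would read everything after the ';' as a
// second command; in the safe form the whole name is one quoted argument,
// so the converter merely fails to find a file of that name.
echo buildCommandUnsafe('/usr/bin/pdftotext', $hostile), PHP_EOL;
echo buildCommandSafe('/usr/bin/pdftotext', $hostile), PHP_EOL;

// The allow-list accepts the ordinary name and rejects the hostile one.
var_dump(isAcceptableFileName($normal));
var_dump(isAcceptableFileName($hostile));
```

escapeshellarg() quotes with single quotes on POSIX systems; on Windows it uses double quotes and strips characters such as % and !, so test the hardened form on the platform the site actually runs on.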


Files

10133.diff (3.13 KB), uploaded by Administrator Admin, 2009-01-14 23:46