CVE-2010-5099 — TYPO3 Path Traversal vulnerability

Description

The fileDenyPattern functionality in the PHP file inclusion protection API in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly filter file types, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files, as demonstrated using path traversal sequences with %00 null bytes and CVE-2010-3714 to read the TYPO3 encryption key from localconf.php.

How to fix CVE-2010-5099

To remediate CVE-2010-5099, upgrade the affected package to a fixed version below.

Packagist/typo3/cms—upgrade to 4.2.16 or later

Is CVE-2010-5099 being exploited?

Moderate — EPSS is 5.2%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

>= 4.2.0, < 4.2.16

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U

References (10)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2010-5099
PATCHgithub.com/TYPO3/typo3
WEBblog.nibblesec.org/2010/12/typo3-sa-2010-020-typo3-sa-2010-022.html
WEBexchange.xforce.ibmcloud.com/vulnerabilities/64180