Vigil@nce - TYPO3 Zend Framework Integration: file reading
November 2015 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can read a file via TYPO3 Zend Framework Integration,
in order to obtain sensitive information.
– Impacted products: TYPO3 Extensions (not comprehensive).
– Severity: 2/4.
– Creation date: 30/09/2015.
DESCRIPTION OF THE VULNERABILITY
The Zend Framework Integration extension can be installed on TYPO3.
However, an attacker can bypass file access restrictions by
injecting XML code into Zend_XmlRpc.
An attacker can therefore read a file via TYPO3 Zend Framework
Integration, in order to obtain sensitive information.
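A pre-parse guard for XML-RPC request bodies, added here as an example (not from the bulletin, TYPO3 or Zend). It assumes the injected XML relies on a DTD or entity declaration, which the bulletin does not state; the function names are hypothetical.

```php
<?php
// Added example with hypothetical function names; not TYPO3 or Zend code.
// Re-encode a raw XML-RPC body to UTF-8 so a DTD check also sees UTF-16/UTF-32 input.
function xmlrpc_body_to_utf8(string $raw): string
{
    // BOMs first (4-byte before 2-byte), then the null-byte pattern of an unmarked "<".
    $signatures = [
        "\x00\x00\xFE\xFF" => ['UTF-32BE', 4], "\xFF\xFE\x00\x00" => ['UTF-32LE', 4],
        "\xEF\xBB\xBF" => ['UTF-8', 3],
        "\xFE\xFF" => ['UTF-16BE', 2], "\xFF\xFE" => ['UTF-16LE', 2],
        "\x00\x00\x00<" => ['UTF-32BE', 0], "<\x00\x00\x00" => ['UTF-32LE', 0],
        "\x00<\x00" => ['UTF-16BE', 0], "<\x00" => ['UTF-16LE', 0],
    ];
    foreach ($signatures as $magic => [$encoding, $skip]) {
        if (strncmp($raw, $magic, strlen($magic)) === 0) {
            return mb_convert_encoding(substr($raw, $skip), 'UTF-8', $encoding);
        }
    }
    return $raw; // no multibyte signature: treat as ASCII-compatible
}

// Decide whether a request body may be handed to the XML-RPC parser.
function xmlrpc_body_is_acceptable(string $raw): bool
{
    $xml = ltrim(xmlrpc_body_to_utf8($raw));
    if ($xml === '' || $xml[0] !== '<') {
        return false; // fail closed on encodings not normalised above (e.g. EBCDIC)
    }
    // Accept only declared encodings that the normalisation above understands.
    if (preg_match('/^<\?xml[^>]*\bencoding\s*=\s*["\']([^"\']+)/i', $xml, $m)
        && !in_array(strtoupper($m[1]), ['UTF-8', 'US-ASCII', 'UTF-16', 'UTF-32'], true)) {
        return false;
    }
    // XML-RPC never needs a DTD, so any declaration is refused outright.
    if (stripos($xml, '<!DOCTYPE') !== false || stripos($xml, '<!ENTITY') !== false) {
        return false;
    }
    // Second layer: parse without network access and reject a doctype node.
    $previous = libxml_use_internal_errors(true);
    $dom = new DOMDocument();
    $ok = $dom->loadXML($raw, LIBXML_NONET) && $dom->doctype === null;
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    return $ok;
}

// Constructed samples: a plain call, then a DTD-bearing body in UTF-8 and UTF-16LE.
$call = '<?xml version="1.0"?><methodCall><methodName>demo.ping</methodName></methodCall>';
$dtd = '<?xml version="1.0"?><!DOCTYPE methodCall [<!ENTITY e "x">]><methodCall/>';
var_dump(xmlrpc_body_is_acceptable($call), xmlrpc_body_is_acceptable($dtd),
    xmlrpc_body_is_acceptable(mb_convert_encoding($dtd, 'UTF-16LE', 'UTF-8')));
```

The guard needs the mbstring and dom extensions and is meant to run on the raw request body before it reaches the XML-RPC server class.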
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/TYPO3-Zend-Framework-Integration-file-reading-18004