CVE-2013-4250 Information

Description

The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file extensions which allow remote authenticated editors to execute arbitrary PHP code by uploading a .php file.

Reference

https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-002/