Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/56684?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56684?format=api", "vulnerability_id": "VCID-635d-efe6-bbgm", "summary": "TYPO3 doesn't properly check file extensions\nThe (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file extensions, which allow remote authenticated editors to execute arbitrary PHP code by uploading a .php file.", "aliases": [ { "alias": "CVE-2013-4250" }, { "alias": "GHSA-54jj-pxx2-pv8h" } ], "fixed_packages": [], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54354?format=api", "purl": "pkg:composer/typo3/cms@6.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-635d-efe6-bbgm" }, { "vulnerability": "VCID-9j2h-q1n5-kbgt" }, { "vulnerability": "VCID-b5ht-z6zp-pbht" }, { "vulnerability": "VCID-d79s-4kzk-hugy" }, { "vulnerability": "VCID-m3dg-q4eg-wyfb" }, { "vulnerability": "VCID-nsh9-8twn-6ydn" }, { "vulnerability": "VCID-p8m8-y53c-cubn" }, { "vulnerability": "VCID-vbbx-pk8m-jfhd" }, { "vulnerability": "VCID-y9d1-wwne-hba5" }, { "vulnerability": "VCID-zqqe-vew2-nbfk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/54355?format=api", "purl": "pkg:composer/typo3/cms@6.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-59zz-tmvz-sqgm" }, { "vulnerability": "VCID-635d-efe6-bbgm" }, { "vulnerability": "VCID-9j2h-q1n5-kbgt" }, { "vulnerability": "VCID-d79s-4kzk-hugy" }, { "vulnerability": "VCID-hpju-vhzg-jyes" }, { "vulnerability": "VCID-m3dg-q4eg-wyfb" }, { "vulnerability": "VCID-nsh9-8twn-6ydn" }, { "vulnerability": "VCID-p8m8-y53c-cubn" }, { "vulnerability": "VCID-vbbx-pk8m-jfhd" }, { "vulnerability": "VCID-y9d1-wwne-hba5" }, { "vulnerability": "VCID-zqqe-vew2-nbfk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.1.0" } ], "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4250", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60162", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60151", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.6019", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60197", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60156", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60172", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60158", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60115", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60026", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60104", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60128", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60097", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60147", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60161", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60183", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60169", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4250" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4250", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4250" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2013-002", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2013-002" }, { "reference_url": "https://github.com/advisories/GHSA-54jj-pxx2-pv8h", "reference_id": "GHSA-54jj-pxx2-pv8h", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-54jj-pxx2-pv8h" } ], "weaknesses": [ { "cwe_id": 20, "name": "Improper Input Validation", "description": "The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly." }, { "cwe_id": 434, "name": "Unrestricted Upload of File with Dangerous Type", "description": "The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." } ], "exploits": [], "severity_range_score": "7.0 - 8.9", "exploitability": "0.5", "weighted_severity": "8.0", "risk_score": 4.0, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-635d-efe6-bbgm" }