Search for vulnerabilities
Vulnerability details: VCID-3d1t-1zaf-77h5
Vulnerability ID VCID-3d1t-1zaf-77h5
Aliases CVE-2013-4320
GHSA-p9jg-9w87-6rg4
Summary TYPO3 Improper Access Management in the File Abstraction Layer The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.9 and 6.1.x before 6.1.4 does not properly check permissions, which allows remote authenticated users to create or read arbitrary files via a crafted URL.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-284 Improper Access Control
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-264 Permissions, Privileges, and Access Controls
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00129 https://api.first.org/data/v1/epss?cve=CVE-2013-4320
epss 0.00129 https://api.first.org/data/v1/epss?cve=CVE-2013-4320
generic_textual MODERATE https://github.com/TYPO3-CMS/core
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2013-4320
generic_textual MODERATE https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-003
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2013-4320
https://github.com/TYPO3-CMS/core
https://nvd.nist.gov/vuln/detail/CVE-2013-4320
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-003
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-003/
GHSA-p9jg-9w87-6rg4 https://github.com/advisories/GHSA-p9jg-9w87-6rg4
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.33434
EPSS Score 0.00129
Published At June 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T12:30:19.112637+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-p9jg-9w87-6rg4/GHSA-p9jg-9w87-6rg4.json 36.1.3