VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-hy4y-a1fn-6fdn

Vulnerability ID	VCID-hy4y-a1fn-6fdn
Aliases	GHSA-2p4f-vc9q-r5vp
Summary	Typo3 Arbitrary file upload and XML External Entity processing
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (0)

There are no known CWE.

System	Score	Found at
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-2p4f-vc9q-r5vp
generic_textual	MODERATE	https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/flow/2015-11-23.yaml
generic_textual	MODERATE	https://www.neos.io/blog/flow-sa-2015-001.html

Reference id	Reference type	URL
		https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/flow/2015-11-23.yaml
		https://www.neos.io/blog/flow-sa-2015-001.html
GHSA-2p4f-vc9q-r5vp		https://github.com/advisories/GHSA-2p4f-vc9q-r5vp

No exploits are available.

No EPSS data available for this vulnerability.

Date	Actor	Action	Source	VulnerableCode Version
2026-05-31T01:03:46.723437+00:00	GHSA Importer	Import	https://github.com/advisories/GHSA-2p4f-vc9q-r5vp	38.6.0