The fal_sftp extension before 0.2.6 for TYPO3 uses weak permissions for sFTP driver files and folders, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| co-stack/fal_sftp(Packagist) | 0 | 0.2.6 | N/A |
| vertexvaar/falsftp(Packagist) | 0 | 0.2.6 | N/A |
CVSS Metrics
