Some vulnerabilities have been reported in TYPO3
TYPO3 comes with the possibility to restrict editors to certain file actions (copy, delete, move etc.) and to restrict these actions to be performed in certain locations
1) Some errors when handling file actions can be exploited to bypass file action permission restrictions and e.g. create or read arbitrary files within or outside the webroot.
2) An error when validating file names within the file renaming functionality can be exploited to bypass the denied file extensions check by inserting certain special characters and e.g. rename files to have the PHP file extension.
Remote Code Execution
Vendor recommends updating to current release version