Lucene search
+L

CVE-2020-15099

🗓️ 29 Jul 2020 16:15:15Reported by GitHub_MType 
cve
 cve
🔗 web.nvd.nist.gov👁 87 Views🌐 WEB

CVE-2020-15099: TYPO3 CMS 9.x < 9.5.20 and 10.x < 10.4.6 allows remote attackers to retrieve arbitrary files and manipulate database contents

Related
Detection
Affected
Refs
Paths
NVD
Vulners
Node
OR
typo3typo3Range9.0.09.5.20
typo3typo3Range10.0.010.4.6
[
  {
    "product": "TYPO3 CMS",
    "vendor": "TYPO3",
    "versions": [
      {
        "status": "affected",
        "version": ">= 9.0.0, < 9.5.20"
      },
      {
        "status": "affected",
        "version": ">= 10.0.0, 10.4.6"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
idquery paramindex.phpUnauthenticated remote code execution via TYPO3 Form Framework by forging valid HMAC using encryptionKey; exploit writes a webshell to a publicly accessible path.CWE-20CWE-200
shell.phppathfileadmin/_temp_/shell.phpPublicly accessible webshell written to server via exploited TYPO3 gadget chain.CWE-20CWE-200
encryptionKeypathtypo3conf/LocalConfiguration.phpExposure of encryptionKey and DB credentials from LocalConfiguration.php enabling exploitation; contains critical security material.CWE-20CWE-200
database credentialspathtypo3conf/LocalConfiguration.phpExposure of encryptionKey and DB credentials from LocalConfiguration.php enabling exploitation; contains critical security material.CWE-20CWE-200

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 02:56Current
8.4High risk
Vulners AI Score8.4
CVSS 26.8
CVSS 3.18.1
EPSS0.01782
87