Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSD1AD3D264-E36B-11EE-9C27-40B034429ECF
HistoryFeb 13, 2024 - 12:00 a.m.

typo3-{11,12} -- multiple vulnerabilities

2024-02-1300:00:00
vuxml.freebsd.org
14
typo3
security releases
path traversal
code execution
information disclosure
improper access control
file abstraction layer
cve-2023-30451
cve-2024-22188
cve-2024-25118
cve-2024-25119
cve-2024-25120
cve-2024-25121
unix

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

Low

EPSS

0.001

Percentile

19.8%

JSON

Typo3 developers reports:

All versions are security releases and contain important security fixes - read the corresponding security advisories here:

Path Traversal in TYPO3 File Abstraction Layer Storages CVE-2023-30451
Code Execution in TYPO3 Install Tool CVE-2024-22188
Information Disclosure of Hashed Passwords in TYPO3 Backend Forms CVE-2024-25118
Information Disclosure of Encryption Key in TYPO3 Install Tool CVE-2024-25119
Improper Access Control of Resources Referenced by t3:// URI Scheme CVE-2024-25120
Improper Access Control Persisting File Abstraction Layer Entities via Data Handler CVE-2024-25121

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchtypo3-11< 11.5.35UNKNOWN
FreeBSDanynoarchtypo3-12< 12.4.11UNKNOWN

Related

nessus 7
veracode 6
nvd 6
prion 6
cve 6
github 6
vulnrichment 4
cvelist 6
osv 9
zdt 1
exploitdb 1
packetstorm 1
nessus
nessus
FreeBSD : typo3-{11,12} -- multiple vulnerabilities (1ad3d264-e36b-11ee-9c27-40b034429ecf)
2024-03-17 00:00:00
TYPO3 8.0.0 < 8.7.57 ELTS / 9.0.0 < 9.5.46 ELTS / 10.0.0 < 10.4.43 ELTS / 11.0.0 < 11.5.35 / 12.0.0 < 12.4.11 / 13.0.1 (TYPO3-CORE-SA-2024-006)
2024-02-13 00:00:00
TYPO3 8.0.0 < 8.7.57 ELTS / 9.0.0 < 9.5.46 ELTS / 10.0.0 < 10.4.43 ELTS / 11.0.0 < 11.5.35 / 12.0.0 < 12.4.11 / 13.0.1 (TYPO3-CORE-SA-2024-004)
2024-02-13 00:00:00
veracode
veracode
Code Injection
2024-02-14 07:01:16
Improper Access Control
2024-02-14 09:33:17
Improper Access Control
2024-02-14 09:55:01
nvd
nvd
CVE-2024-22188
2024-03-05 02:15:27
CVE-2024-25120
2024-02-13 23:15:08
CVE-2024-25119
2024-02-13 23:15:08
prion
prion
Design/Logic Flaw
2024-02-13 23:15:00
Design/Logic Flaw
2024-02-13 23:15:00
Design/Logic Flaw
2024-02-13 23:15:00
cve
cve
CVE-2024-25121
2024-02-13 23:15:09
CVE-2024-25120
2024-02-13 23:15:08
CVE-2024-22188
2024-03-05 02:15:27
github
github
TYPO3 vulnerable to Improper Access Control of Resources Referenced by t3:// URI Scheme
2024-02-13 17:24:59
TYPO3 vulnerable to Improper Access Control Persisting File Abstraction Layer Entities via Data Handler
2024-02-13 17:29:03
TYPO3 Install Tool vulnerable to Information Disclosure of Encryption Key
2024-02-13 17:23:31
vulnrichment
vulnrichment
CVE-2024-25120 Improper Access Control of Resources Referenced by t3:// URI Scheme in TYPO3
2024-02-13 22:15:13
CVE-2024-25119 Information Disclosure of Encryption Key in TYPO3 Install Tool
2024-02-13 22:16:37
CVE-2024-25118 Information Disclosure of Hashed Passwords in TYPO3 Backend Forms
2024-02-13 22:19:22
cvelist
cvelist
CVE-2024-25119 Information Disclosure of Encryption Key in TYPO3 Install Tool
2024-02-13 22:16:37
CVE-2024-22188
2024-03-05 00:00:00
CVE-2024-25120 Improper Access Control of Resources Referenced by t3:// URI Scheme in TYPO3
2024-02-13 22:15:13
osv
osv
TYPO3 vulnerable to Improper Access Control of Resources Referenced by t3:// URI Scheme
2024-02-13 17:24:59
TYPO3 vulnerable to Improper Access Control Persisting File Abstraction Layer Entities via Data Handler
2024-02-13 17:29:03
TYPO3 Install Tool vulnerable to Information Disclosure of Encryption Key
2024-02-13 17:23:31
zdt
zdt
TYPO3 11.5.24 Path Traversal Vulnerability
2023-12-20 00:00:00
exploitdb
exploitdb
TYPO3 11.5.24 - Path Traversal (Authenticated)
2024-03-18 00:00:00
packetstorm
packetstorm
TYPO3 11.5.24 Path Traversal
2023-12-20 00:00:00

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

Low

EPSS

0.001

Percentile

19.8%

JSON
Related for 1AD3D264-E36B-11EE-9C27-40B034429ECF
nessus7veracode6nvd6prion6cve6github6vulnrichment4cvelist6osv9zdt1exploitdb1packetstorm1