Lucene search
GitHub Advisory DatabaseGHSA-74W6-WW7W-45J9HistoryMay 02, 2022 - 3:13 a.m.
Indexed Search Engine for TYPO3 Command Execution via Metacharacter Injection
2022-05-0203:13:52
CWE-20
CWE-78
GitHub Advisory Database
github.com
2
The Indexed Search Engine (indexed_search) system extension in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to execute arbitrary commands via a crafted filename containing shell metacharacters, which is not properly handled by the command-line indexer.
References
typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/
www.debian.org/security/2009/dsa-1711
www.openwall.com/lists/oss-security/2009/01/23/4
exchange.xforce.ibmcloud.com/vulnerabilities/48138
github.com/advisories/GHSA-74w6-ww7w-45j9
nvd.nist.gov/vuln/detail/CVE-2009-0258
web.archive.org/web/20111210005350/www.securityfocus.com/bid/33376
Related
cvelist
cvelist
CVE-2009-0258
2009-01-22 23:00:00
cve
cve
CVE-2009-0258
2009-01-22 23:30:00
osv
osv
typo3-src - remote code execution
2009-01-26 00:00:00
prion
prion
Command injection
2009-01-22 23:30:00
ubuntucve
ubuntucve
CVE-2009-0258
2009-01-22 00:00:00
openvas
openvas
FreeBSD Ports: typo3
2009-02-13 00:00:00
FreeBSD Ports: typo3
2009-02-13 00:00:00
TYPO3 Multiple Vulnerabilities (Jan 2009)
2013-12-26 00:00:00
debian
debian
[SECURITY] [DSA 1711-1] New TYPO3 packages fix remote code execution
2009-01-26 20:54:27
nessus
nessus
FreeBSD : typo3 -- multiple vulnerabilities (653606e9-f6ac-11dd-94d9-0030843d3802)
2009-02-09 00:00:00
Debian DSA-1711-1 : typo3-src - several vulnerabilities
2009-01-27 00:00:00
freebsd
freebsd
typo3 -- multiple vulnerabilities
2009-02-07 00:00:00
securityvulns
securityvulns