Lucene search

GitHub Advisory DatabaseGHSA-9VXQ-MXW5-MCGP

HistoryApr 22, 2022 - 12:24 a.m.

Typo3 Arbitrary File Delete

2022-04-2200:24:10

CWE-20

GitHub Advisory Database

github.com

typo3

arbitrary file delete

vulnerability

webserver

remote attackers

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

7.4

Confidence

Low

EPSS

0.001

Percentile

37.4%

JSON

TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to delete arbitrary files on the webserver.

Affected configurations

Vulners

Node

typo3typo3_cmsRange4.5.0–4.5.4

typo3typo3_cmsRange4.4.0–4.4.9

typo3typo3_cmsRange<4.3.12

VendorProductVersionCPE
typo3typo3_cms*cpe:2.3:a:typo3:typo3_cms:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
typo3	typo3_cms	*	cpe:2.3:a:typo3:typo3_cms::::::::

References

github.com/advisories/GHSA-9vxq-mxw5-mcgp

nvd.nist.gov/vuln/detail/CVE-2011-4902

security-tracker.debian.org/tracker/CVE-2011-4902

typo3.org/security/advisory/typo3-core-sa-2011-001/#Unserialize

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

7.4

Confidence

Low

EPSS

0.001

Percentile

37.4%

JSON

Related for GHSA-9VXQ-MXW5-MCGP