GitHub Advisory Database: GHSA-HWW5-6X85-MC24
History: Jun 05, 2024 - 5:19 p.m.

Typo3 Arbitrary Code Execution and Cross-Site Scripting in Backend API

Published: 2024-06-05 17:19:26
Source: GitHub Advisory Database (github.com)

Tags: typo3, arbitrary code execution, cross-site scripting, backend api, page tsconfig, arbitrary injection, directory traversal, user account vulnerability

AI Score: 7.6 High (Confidence: High)

Backend API configuration via Page TSconfig is vulnerable to arbitrary code execution and cross-site scripting. The TSconfig fields in the page properties form of the backend can be used to inject malicious sequences. In addition, the field tsconfig_includes is vulnerable to directory traversal, which leads to the same scenarios as having direct access to the TSconfig settings.

Exploitation requires a valid backend user account that is allowed to modify the fields pages.TSconfig and pages.tsconfig_includes. Besides upgrading to a fixed release, a practical interim check is to review which non-admin backend user groups are permitted to edit those two fields, and to audit the values currently stored in them.
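The following script is an added example, not TYPO3 project code and not taken from the advisory. It audits exported rows of the pages table for the two patterns the advisory describes: tsconfig_includes entries that leave their EXT: scope through directory traversal, and TSconfig values that smuggle in file includes. It also classifies a core version against the affected ranges listed on this page. The sample rows are constructed; the EXT:<extkey>/ form expected for tsconfig_includes entries, the <INCLUDE_TYPOSCRIPT: source="..."> pattern looked for in TSconfig, and the percent-decoding step are my own heuristics, chosen to catch the described classes of input, not the exact trigger of the vulnerability, which the advisory does not spell out.

```python
"""Audit pages.TSconfig / pages.tsconfig_includes values for the directory-traversal
and injected-include patterns this advisory describes. Added example, not TYPO3 code."""
import re
from urllib.parse import unquote

# Fixed versions taken from the affected-configuration table on this page.
FIXED = {8: (8, 7, 27), 9: (9, 5, 8)}

# Assumed storage form of tsconfig_includes entries: "EXT:<extkey>/path/to/file.tsconfig"
EXT_PREFIX = re.compile(r"^EXT:[A-Za-z0-9_]+/")
# Assumed include directive worth flagging inside free-form TSconfig text.
INCLUDE_RE = re.compile(r'<INCLUDE_TYPOSCRIPT:\s*source\s*=\s*"([^"]*)"', re.IGNORECASE)

# Constructed sample rows in the shape of
# `SELECT uid, TSconfig, tsconfig_includes FROM pages` (not real site data).
SAMPLE_ROWS = [
    {"uid": 1, "TSconfig": "TCEFORM.tt_content.header.disabled = 1",
     "tsconfig_includes": "EXT:site_package/Configuration/TSconfig/Page.tsconfig"},
    {"uid": 7, "TSconfig": "",
     "tsconfig_includes": "EXT:site_package/../../../typo3conf/LocalConfiguration.php"},
    {"uid": 9, "TSconfig": '<INCLUDE_TYPOSCRIPT: source="FILE:../../fileadmin/upload.txt">',
     "tsconfig_includes": ""},
    {"uid": 12, "TSconfig": "",
     "tsconfig_includes": "EXT:site_package/Configuration/TSconfig/%2e%2e/%2e%2e/other.tsconfig"},
]


def parse_version(version):
    """'9.5.7' -> (9, 5, 7); missing components are padded with 0."""
    parts = tuple(int(p) for p in version.strip().split(".")[:3])
    return parts + (0,) * (3 - len(parts))


def is_affected_version(version):
    """True/False against the ranges on this page; None for a major version the page does not list."""
    ver = parse_version(version)
    fixed = FIXED.get(ver[0])
    if fixed is None:
        return None
    return ver < fixed


def normalize_path(path):
    """Decode percent-encoding twice (double encoding) and unify separators before inspection."""
    for _ in range(2):
        path = unquote(path)
    return path.replace("\\", "/")


def has_traversal(path):
    """True if any path segment is '..' after normalisation."""
    return any(segment == ".." for segment in normalize_path(path).split("/"))


def audit_tsconfig_includes(value):
    """Flag comma-separated include entries that are not EXT:-scoped or that traverse upwards."""
    findings = []
    for entry in (e.strip() for e in value.split(",") if e.strip()):
        if not EXT_PREFIX.match(entry):
            findings.append(f"tsconfig_includes entry not in EXT:<extkey>/ form: {entry!r}")
        if has_traversal(entry):
            findings.append(f"tsconfig_includes entry contains a '..' segment: {entry!r}")
    return findings


def audit_tsconfig(value):
    """Flag include directives in free-form TSconfig whose source leaves the EXT: scope."""
    findings = []
    for match in INCLUDE_RE.finditer(value):
        source = match.group(1)
        if not source.upper().startswith(("FILE:EXT:", "DIR:EXT:")):
            findings.append(f"TSconfig include source is not EXT:-scoped: {source!r}")
        if has_traversal(source):
            findings.append(f"TSconfig include source contains a '..' segment: {source!r}")
    return findings


def audit_rows(rows):
    """Return {uid: [findings]} for every row with at least one suspicious value."""
    report = {}
    for row in rows:
        findings = audit_tsconfig_includes(row.get("tsconfig_includes") or "")
        findings += audit_tsconfig(row.get("TSconfig") or "")
        if findings:
            report[row["uid"]] = findings
    return report


if __name__ == "__main__":
    for version in ("8.7.26", "8.7.27", "9.5.7", "9.5.8"):
        print(f"typo3/cms {version}: affected={is_affected_version(version)}")
    for uid, findings in audit_rows(SAMPLE_ROWS).items():
        for finding in findings:
            print(f"page {uid}: {finding}")
```

The decode-twice step matters because a single unquote would leave a `%252e%252e` entry looking harmless; the version helper deliberately returns None for major versions this page does not list rather than guessing at them.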

Affected configurations

Package      Operator  Version
typo3/cms    lt        9.5.8
typo3/cms    lt        8.7.27

That is, TYPO3 core 9.x before 9.5.8 and 8.x before 8.7.27.
