Lucene search
K

TYPO3 Extbase RCE Vulnerability (TYPO3-CORE-SA-2016-013)

🗓️ 25 Jan 2017 00:00:00Reported by Copyright (C) 2017 Greenbone AGType 
openvas
 openvas
🔗 plugins.openvas.org👁 53 Views

TYPO3 Extbase RCE Vulnerability (TYPO3-CORE-SA-2016-013). Remote code execution vulnerability in TYPO3 versions 4.3.0 through 6.2.23, 7.x prior to 7.6.8 and 8.1.0 only. Update to version 6.2.24, 7.6.8, 8.1.1 or later

Related
Refs
Code
ReporterTitlePublishedViews
Family
freebsd
typo3 -- Missing access check in Extbase
24 May 201600:00
freebsd
bdu_fstec
The vulnerability of the extbase extension of the TYPO3 content management system allows a hacker to execute arbitrary code.
27 Oct 202000:00
bdu_fstec
cnvd
TYPO3 CMS Access Check Vulnerability
27 May 201600:00
cnvd
cve
CVE-2016-5091
23 Jan 201721:00
cve
cvelist
CVE-2016-5091
23 Jan 201721:00
cvelist
euvd
EUVD-2020-0564
7 Oct 202500:30
euvd
euvd
EUVD-2022-4459
3 Oct 202520:07
euvd
nessus
FreeBSD : typo3 -- Missing access check in Extbase (3caf4e6c-4cef-11e6-a15f-00248c0c745d)
20 Jul 201600:00
nessus
github
Extbase for TYPO3 allows RCE
17 May 202203:02
github
nvd
CVE-2016-5091
23 Jan 201721:59
nvd
Rows per page
# SPDX-FileCopyrightText: 2017 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:typo3:typo3";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.108058");
  script_version("2025-01-21T05:37:33+0000");
  script_cve_id("CVE-2016-5091");
  script_tag(name:"cvss_base", value:"6.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_tag(name:"last_modification", value:"2025-01-21 05:37:33 +0000 (Tue, 21 Jan 2025)");
  script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2017-01-26 16:39:00 +0000 (Thu, 26 Jan 2017)");
  script_tag(name:"creation_date", value:"2017-01-25 13:00:00 +0100 (Wed, 25 Jan 2017)");
  script_name("TYPO3 Extbase RCE Vulnerability (TYPO3-CORE-SA-2016-013)");
  script_category(ACT_GATHER_INFO);
  script_family("Web application abuses");
  script_copyright("Copyright (C) 2017 Greenbone AG");
  script_dependencies("gb_typo3_http_detect.nasl");
  script_mandatory_keys("typo3/detected");

  script_xref(name:"URL", value:"https://typo3.org/security/advisory/typo3-core-sa-2016-013/");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/90832");

  script_tag(name:"summary", value:"TYPO3 is prone to a remote code execution (RCE) vulnerability.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"Extbase request handling fails to implement a proper access check for requested
  controller/ action combinations, which makes it possible for an attacker to execute arbitrary Extbase actions by
  crafting a special request. To successfully exploit this vulnerability, an attacker must have access to at least
  one Extbase plugin or module action in a TYPO3 installation.");

  script_tag(name:"impact", value:"A remote attacker can leverage this issue to execute arbitrary
  code within the context of the application. Successful exploits will compromise the application
  and possibly the underlying system.");

  script_tag(name:"affected", value:"TYPO3 versions 4.3.0 through 6.2.23, 7.x prior to 7.6.8 and
  8.1.0 only.");

  script_tag(name:"solution", value:"Update to version 6.2.24, 7.6.8, 8.1.1 or later.");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"remote_banner_unreliable");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if (!port = get_app_port(cpe: CPE))
  exit(0);

if (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE, version_regex: "[0-9]+\.[0-9]+\.[0-9]+")) # nb: Version might not be exact enough
  exit(0);

version = infos["version"];
path = infos["location"];

if (version_in_range(version: version, test_version: "4.3.0", test_version2: "6.2.23")) {
  VULN = TRUE;
  fix = "6.2.24";
}

if (version =~ "^7\." && version_is_less(version: version, test_version: "7.6.8")) {
  VULN = TRUE;
  fix = "7.6.8";
}

if (version_is_equal(version: version, test_version: "8.1.0")) {
  VULN = TRUE;
  fix = "8.1.1";
}

if (VULN) {
  report = report_fixed_ver(installed_version: version, fixed_version: fix, install_path: path);
  security_message(port: port, data: report);
  exit(0);
}

exit(99);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

21 Jan 2025 00:00Current
8.4High risk
Vulners AI Score8.4
CVSS 26.8
CVSS 38.1
EPSS0.02575
53