Lucene search
Copyright (C) 2022 Greenbone AGOPENVAS:1361412562310126255HistoryDec 14, 2022 - 12:00 a.m.
TYPO3 Arbitrary Code Execution Vulnerability (TYPO3-CORE-SA-2022-015)
2022-12-1400:00:00
Copyright (C) 2022 Greenbone AG
plugins.openvas.org
4
typo3
code execution
vulnerability
cve-2022-23503
elts
update
security advisory
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
34.9%
TYPO3 is prone to an arbitrary code execution vulnerability.
# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later
CPE = "cpe:/a:typo3:typo3";
if (description)
{
script_oid("1.3.6.1.4.1.25623.1.0.126255");
script_version("2023-10-19T05:05:21+0000");
script_tag(name:"last_modification", value:"2023-10-19 05:05:21 +0000 (Thu, 19 Oct 2023)");
script_tag(name:"creation_date", value:"2022-12-14 11:26:09 +0000 (Wed, 14 Dec 2022)");
script_tag(name:"cvss_base", value:"9.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:C/I:C/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2022-12-16 17:53:00 +0000 (Fri, 16 Dec 2022)");
script_cve_id("CVE-2022-23503");
script_tag(name:"qod_type", value:"remote_banner");
script_tag(name:"solution_type", value:"VendorFix");
script_name("TYPO3 Arbitrary Code Execution Vulnerability (TYPO3-CORE-SA-2022-015)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2022 Greenbone AG");
script_family("Web application abuses");
script_dependencies("gb_typo3_http_detect.nasl");
script_mandatory_keys("typo3/detected");
script_tag(name:"summary", value:"TYPO3 is prone to an arbitrary code execution vulnerability.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"The lack of separating user-submitted data from the internal
configuration in the Form Designer backend module.");
script_tag(name:"affected", value:"TYPO3 version 8.0.0 through 8.7.48 ELTS, 9.0.0 through 9.5.37
ELTS, 10.0.0 through 10.4.32, 11.0.0 through 11.5.19 and 12.0.0 through 12.1.0.");
script_tag(name:"solution", value:"Update to version 8.7.49 ELTS, 9.5.38 ELTS, 10.4.33, 11.5.20,
12.1.1 or later.
Note: Since version 12.1.1 contains a known regression, vendor suggests to use 12.1.2 instead.");
script_xref(name:"URL", value:"https://typo3.org/article/typo3-1211-11520-and-10433-security-releases-published");
script_xref(name:"URL", value:"https://typo3.org/security/advisory/typo3-core-sa-2022-015");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if (!port = get_app_port(cpe: CPE))
exit(0);
if (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE, version_regex: "[0-9]+\.[0-9]+\.[0-9]+")) # nb: Version might not be exact enough
exit(0);
version = infos["version"];
location = infos["location"];
if (version_in_range_exclusive(version: version, test_version_lo: "8.0", test_version_up: "8.7.49")) {
report = report_fixed_ver(installed_version: version, fixed_version: "8.7.49", install_path: location);
security_message(port: port, data: report);
exit(0);
}
if (version_in_range_exclusive(version: version, test_version_lo: "9.0", test_version_up: "9.5.38")) {
report = report_fixed_ver(installed_version: version, fixed_version: "9.5.38", install_path: location);
security_message(port: port, data: report);
exit(0);
}
if (version_in_range_exclusive(version: version, test_version_lo: "10.0", test_version_up: "10.4.33")) {
report = report_fixed_ver(installed_version: version, fixed_version: "10.4.33", install_path: location);
security_message(port: port, data: report);
exit(0);
}
if (version_in_range_exclusive(version: version, test_version_lo: "11.0", test_version_up: "11.5.20")) {
report = report_fixed_ver(installed_version: version, fixed_version: "11.5.20", install_path: location);
security_message(port: port, data: report);
exit(0);
}
if (version_in_range_exclusive(version: version, test_version_lo: "12.0", test_version_up: "12.1.2")) {
report = report_fixed_ver(installed_version: version, fixed_version: "12.1.2", install_path: location);
security_message(port: port, data: report);
exit(0);
}
exit(99);
Related
cve
cve
CVE-2022-23503
2022-12-14 08:15:10
ubuntucve
ubuntucve
CVE-2022-23503
2022-12-14 00:00:00
osv
osv
BIT-typo3-2022-23503
2024-03-06 11:09:53
CVE-2022-23503
2022-12-14 08:15:10
TYPO3 CMS vulnerable to Arbitrary Code Execution via Form Framework
2022-12-13 17:11:46
friendsofphp
friendsofphp
TYPO3-CORE-SA-2022-015: Arbitrary Code Execution via Form Framework
2022-12-13 09:19:17
TYPO3-CORE-SA-2022-015: Arbitrary Code Execution via Form Framework
2022-12-13 09:19:17
cvelist
cvelist
veracode
veracode
Arbitrary Code Execution
2022-12-15 06:24:38
prion
prion
Code injection
2022-12-14 08:15:00
github
github
TYPO3 CMS vulnerable to Arbitrary Code Execution via Form Framework
2022-12-13 17:11:46
nvd
nvd
CVE-2022-23503
2022-12-14 08:15:10
nessus
nessus
freebsd
freebsd
typo3 -- multiple vulnerabilities
2022-12-13 00:00:00
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
34.9%
Related for OPENVAS:1361412562310126255