Lucene search
GoogleOSV:CVE-2020-26228HistoryNov 23, 2020 - 9:15 p.m.
CVE-2020-26228
2020-11-2321:15:12
Google
osv.dev
5
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 user session identifiers were stored in cleartext - without processing with additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system. Update to TYPO3 versions 9.5.23 or 10.4.10 that fix the problem described.
Related
prion
prion
Sql injection
2020-11-23 21:15:00
cvelist
cvelist
CVE-2020-26228 Cleartext storage of session identifier
2020-11-23 21:10:16
typo3
typo3
Cleartext storage of session identifier
2020-11-17 00:00:00
friendsofphp
friendsofphp
TYPO3-CORE-SA-2020-011: Cleartext storage of session identifier
2020-11-17 08:50:08
TYPO3-CORE-SA-2020-011: Cleartext storage of session identifier
2020-11-17 08:50:08
veracode
veracode
Information Disclosure
2020-11-24 06:15:30
osv
osv
BIT-typo3-2020-26228
2024-03-06 11:11:34
Cleartext storage of session identifier
2020-11-23 21:18:36
cve
cve
CVE-2020-26228
2020-11-23 21:15:12
github
github
Cleartext storage of session identifier
2020-11-23 21:18:36
nvd
nvd
CVE-2020-26228
2020-11-23 21:15:12
openvas
openvas