Privilege Escalation & SQL Injection in TYPO3 CMS

2024-06-0515:10:19

Google

osv.dev

typo3 cms

privilege escalation

sql injection

form framework

system configuration

user configuration

vulnerability

backend user account

system extension

8.1 High

AI Score

Confidence

Low

JSON

Failing to properly dissociate system related configuration from user generated configuration, the Form Framework (system extension “form”) is vulnerable to SQL injection and Privilege Escalation. Basically instructions can be persisted to a form definition file that were not configured to be modified - this applies to definitions managed using the form editor module as well as direct file upload using the regular file list module. A valid backend user account as well as having system extension form activated are needed in order to exploit this vulnerability.

CPENameOperatorVersion
typo3/cmseq8.7.9
typo3/cmseq8.7.8
typo3/cmseq8.7.14
typo3/cmseq8.5.1
typo3/cmseq8.6.1
typo3/cmseq8.7.12
typo3/cmseq8.7.6
typo3/cmseq9.1.0
typo3/cmseq8.5.0
typo3/cmseq8.7.10

Name	Operator	Version
typo3/cms	eq	8.7.9
typo3/cms	eq	8.7.8
typo3/cms	eq	8.7.14
typo3/cms	eq	8.5.1
typo3/cms	eq	8.6.1
typo3/cms	eq	8.7.12
typo3/cms	eq	8.7.6
typo3/cms	eq	9.1.0
typo3/cms	eq	8.5.0
typo3/cms	eq	8.7.10

Rows per page:

1-10 of 271

References

github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-07-12-3.yaml

github.com/TYPO3/typo3

typo3.org/security/advisory/typo3-core-sa-2018-003

8.1 High

AI Score

Confidence

Low

JSON