TYPO3 Denial of Service in Frontend Record Registration

2024-05-3015:36:27

Google

osv.dev

typo3

denial of service

frontend

record registration

vulnerability

anonymous user sessions

database.

7.1 High

AI Score

Confidence

High

JSON

TYPO3’s built-in record registration functionality (aka “basic shopping cart”) using recs URL parameters is vulnerable to denial of service. Failing to properly ensure that anonymous user sessions are valid, attackers can use this vulnerability in order to create an arbitrary amount of individual session-data records in the database.

CPENameOperatorVersion
typo3/cms-coreeq8.7.11
typo3/cms-coreeq8.7.7
typo3/cms-coreeq8.7.9
typo3/cms-coreeq8.7.10
typo3/cms-coreeq8.7.8
typo3/cms-coreeq8.7.14
typo3/cms-coreeq8.7.15
typo3/cms-coreeq8.7.12
typo3/cms-coreeq8.7.20
typo3/cms-coreeq8.7.13

Name	Operator	Version
typo3/cms-core	eq	8.7.11
typo3/cms-core	eq	8.7.7
typo3/cms-core	eq	8.7.9
typo3/cms-core	eq	8.7.10
typo3/cms-core	eq	8.7.8
typo3/cms-core	eq	8.7.14
typo3/cms-core	eq	8.7.15
typo3/cms-core	eq	8.7.12
typo3/cms-core	eq	8.7.20
typo3/cms-core	eq	8.7.13

Rows per page:

1-10 of 141

References

github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/2018-12-11-7.yaml

github.com/TYPO3-CMS/core

github.com/TYPO3-CMS/core/commit/5a44f93e9233e8f72159f9a67db26ed4bd5a10e0

typo3.org/security/advisory/typo3-core-sa-2018-012

7.1 High

AI Score

Confidence

High

JSON