TYPO3 Information Disclosure Vulnerability Exploitable by Editors

2024-05-3021:08:18

Google

osv.dev

typo3

information disclosure

exploitable

7 High

AI Score

Confidence

Low

JSON

It has been discovered, that editors with access to the file list module could list all files names and folder names in the root directory of a TYPO3 installation. Modification of files, listing further nested directories or retrieving file contents was not possible. A valid backend user account is needed to exploit this vulnerability.

CPENameOperatorVersion
typo3/cmseq6.2.10-rc1
typo3/cmseq6.2.6
typo3/cmseq7.0.0
typo3/cmseq6.2.13
typo3/cmseq7.0.1
typo3/cmseq6.2.1
typo3/cmseq6.2.7
typo3/cmseq6.2.0
typo3/cmseq6.2.9
typo3/cmseq6.2.11

Name	Operator	Version
typo3/cms	eq	6.2.10-rc1
typo3/cms	eq	6.2.6
typo3/cms	eq	7.0.0
typo3/cms	eq	6.2.13
typo3/cms	eq	7.0.1
typo3/cms	eq	6.2.1
typo3/cms	eq	6.2.7
typo3/cms	eq	6.2.0
typo3/cms	eq	6.2.9
typo3/cms	eq	6.2.11

Rows per page:

1-10 of 211

References

github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2015-07-01-4.yaml

github.com/TYPO3/typo3

github.com/TYPO3/typo3/commit/d9caccb26c954834e7d43fbbe84a3130cc95524a

typo3.org/security/advisory/typo3-core-sa-2015-005

typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-005

7 High

AI Score

Confidence

Low

JSON