Privilege Escalation in TYPO3 CMS

2024-06-0514:18:58

Google

osv.dev

typo3 cms

privilege escalation

workspace

version preview

admin panel configuration

vulnerability

6.8 Medium

AI Score

Confidence

Low

JSON

The workspace/ version preview link created by a privileged (backend) user could be abused to obtain certain editing permission, if the admin panel is configured to be shown. A valid preview link is required to exploit this vulnerability.

CPENameOperatorVersion
typo3/cmseq6.2.11
typo3/cmseq6.2.5
typo3/cmseq6.2.0
typo3/cmseq7.6.4
typo3/cmseq6.2.13
typo3/cmseq8.0.0
typo3/cmseq7.6.0
typo3/cmseq6.2.1
typo3/cmseq6.2.6
typo3/cmseq7.6.3

Name	Operator	Version
typo3/cms	eq	6.2.11
typo3/cms	eq	6.2.5
typo3/cms	eq	6.2.0
typo3/cms	eq	7.6.4
typo3/cms	eq	6.2.13
typo3/cms	eq	8.0.0
typo3/cms	eq	7.6.0
typo3/cms	eq	6.2.1
typo3/cms	eq	6.2.6
typo3/cms	eq	7.6.3

Rows per page:

1-10 of 271

References

github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2016-04-12-4.yaml

typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-012

6.8 Medium

AI Score

Confidence

Low

JSON