Lucene search
PRIOn knowledge basePRION:CVE-2020-26228HistoryNov 23, 2020 - 9:15 p.m.
Sql injection
2020-11-2321:15:00
PRIOn knowledge base
www.prio-n.com
4
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 user session identifiers were stored in cleartext - without processing with additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system. Update to TYPO3 versions 9.5.23 or 10.4.10 that fix the problem described.
Related
cvelist
cvelist
CVE-2020-26228 Cleartext storage of session identifier
2020-11-23 21:10:16
typo3
typo3
Cleartext storage of session identifier
2020-11-17 00:00:00
friendsofphp
friendsofphp
TYPO3-CORE-SA-2020-011: Cleartext storage of session identifier
2020-11-17 08:50:08
TYPO3-CORE-SA-2020-011: Cleartext storage of session identifier
2020-11-17 08:50:08
osv
osv
Cleartext storage of session identifier
2020-11-23 21:18:36
BIT-typo3-2020-26228
2024-03-06 11:11:34
CVE-2020-26228
2020-11-23 21:15:12
veracode
veracode
Information Disclosure
2020-11-24 06:15:30
nvd
nvd
CVE-2020-26228
2020-11-23 21:15:12
cve
cve
CVE-2020-26228
2020-11-23 21:15:12
github
github
Cleartext storage of session identifier
2020-11-23 21:18:36
openvas
openvas