Lucene search
PRIOn knowledge basePRION:CVE-2023-47127HistoryNov 14, 2023 - 8:15 p.m.
Design/Logic Flaw
2023-11-1420:15:00
PRIOn knowledge base
www.prio-n.com
3
typo3
php
web content management
session cookie
reuse
unauthorized access
vulnerability
upgrade.
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In typo3 installations there are always at least two different sites. Eg. first.example.org and second.example.com. In affected versions a session cookie generated for the first site can be reused on the second site without requiring additional authentication. This vulnerability has been addressed in versions 8.7.55, 9.5.44, 10.4.41, 11.5.33, and 12.4.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Related
friendsofphp
friendsofphp
TYPO3-CORE-SA-2023-006: Weak Authentication in Session Handling
2023-11-14 09:58:00
cvelist
cvelist
CVE-2023-47127 Weak Authentication in Session Handling in typo3/cms-core
2023-11-14 19:26:07
veracode
veracode
Weak Authentication
2023-11-15 07:33:49
nessus
nessus
github
github
TYPO3 vulnerable to Weak Authentication in Session Handling
2023-11-14 18:30:21
nvd
nvd
CVE-2023-47127
2023-11-14 20:15:08
osv
osv
TYPO3 vulnerable to Weak Authentication in Session Handling
2023-11-14 18:30:21
BIT-typo3-2023-47127
2024-03-06 11:07:33
CVE-2023-47127
2023-11-14 20:15:08
cve
cve
CVE-2023-47127
2023-11-14 20:15:08
freebsd
freebsd
typo3 -- Multiple vulnerabilities
2023-11-14 00:00:00