5 matches found
CVE-2024-25121
creationtimestamp| type| source ---|---|--- 2024-02-14 00:22:04+00:00| seen| https://t.me/ctinow/184323...
CVE-2024-25121 Improper Access Control Persisting File Abstraction Layer Entities via Data Handler in TYPO3
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions of TYPO3 entities of the File Abstraction Layer FAL could be persisted directly via DataHandler. This allowed attackers to reference files in the fallback storage directly and retrieve...
CVE-2024-25121
CVE-2024-25121 is an access control vulnerability in TYPO3’s File Abstraction Layer (FAL). When persisting FAL entities directly via DataHandler, attackers with a valid backend account could reference files in the fallback storage (zero-storage) and retrieve file names and contents. The fallback ...
TYPO3 8.0.0 < 8.7.57 ELTS / 9.0.0 < 9.5.46 ELTS / 10.0.0 < 10.4.43 ELTS / 11.0.0 < 11.5.35 / 12.0.0 < 12.4.11 / 13.0.1 (TYPO3-CORE-SA-2024-006)
The version of TYPO3 installed on the remote host is prior to 8.0.0 isImporting = true;. CVE-2024-25121 Note t...
typo3-{11,12} -- multiple vulnerabilities
Typo3 developers reports: All versions are security releases and contain important security fixes - read the corresponding security advisories here: Path Traversal in TYPO3 File Abstraction Layer Storages CVE-2023-30451 Code Execution in TYPO3 Install Tool CVE-2024-22188 Information Disclosure of...