
22 matches found

EUVD
added 2025/10/03 8:07 p.m. · 2 views

EUVD-2022-2945

Malicious code in bioql PyPI...

CVSS 7.2 · AI score 6.9 · EPSS 0.00374
Exploits: 0 · References: 6
EUVD
added 2025/10/03 8:07 p.m. · 2 views

EUVD-2025-15828

Malicious code in bioql PyPI...

CVSS 7.2 · AI score 6.3 · EPSS 0.00316
Exploits: 0 · References: 4
RedhatCVE
added 2025/05/22 2:20 p.m. · 4 views

CVE-2025-47940

TYPO3 is an open source, PHP based web content management system. Starting in version 10.0.0 and prior to versions 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, administrator-level backend users without system maintainer privileges can escalate their privileges and gain system...

CVSS 7.2 · AI score 7.2 · EPSS 0.00316
Exploits: 0 · References: 1
Github Security Blog
added 2025/05/20 7:35 p.m. · 14 views

TYPO3 Allows Privilege Escalation to System Maintainer

Problem Administrator-level backend users without system maintainer privileges can escalate their privileges and gain system maintainer access. Exploiting this vulnerability requires a valid administrator account. Solution Update to TYPO3 versions 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, 13.4.12...

CVSS 7.2 · AI score 7.5 · EPSS 0.00316
Exploits: 0 · References: 5 · Affected Software: 1
OSV
added 2025/05/20 7:35 p.m. · 3 views

GHSA-6FRX-J292-C844 TYPO3 Allows Privilege Escalation to System Maintainer

Problem Administrator-level backend users without system maintainer privileges can escalate their privileges and gain system maintainer access. Exploiting this vulnerability requires a valid administrator account. Solution Update to TYPO3 versions 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, 13.4.12...

CVSS 7.2 · AI score 7.5 · EPSS 0.00316
Exploits: 0 · References: 5
CVE
added 2025/05/20 2:06 p.m. · 34 views

CVE-2025-47940

TYPO3 CMS Privilege Escalation CVE-2025-47940 affects administrator-level backend users who lack system maintainer privileges; exploitation requires a valid admin account. The issue enables escalation to system maintainer access across multiple supported branches: 10.x up to 10.4.49 ELTS before 1...

CVSS 7.2 · AI score 7.3 · EPSS 0.00316
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2025/05/20 2:06 p.m. · 15 views

CVE-2025-47940 TYPO3 CMS Vulnerable to Privilege Escalation to System Maintainer

TYPO3 is an open source, PHP based web content management system. Starting in version 10.0.0 and prior to versions 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, administrator-level backend users without system maintainer privileges can escalate their privileges and gain system...

CVSS 7.2 · EPSS 0.00316
Exploits: 0 · References: 2
Vulnrichment
added 2025/05/20 2:06 p.m. · 6 views

CVE-2025-47940 TYPO3 CMS Vulnerable to Privilege Escalation to System Maintainer

TYPO3 is an open source, PHP based web content management system. Starting in version 10.0.0 and prior to versions 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, administrator-level backend users without system maintainer privileges can escalate their privileges and gain system...

CVSS 7.2 · AI score 7.2 · EPSS 0.00316
Exploits: 0 · References: 2
CNNVD
added 2025/05/20 12:00 a.m. · 2 views

TYPO3 Security Vulnerability

TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Association. A security vulnerability exists in TYPO3, which originates from a possible elevation of privileges by an administrator user to gain access to the system maintainer. The following versions...

CVSS 7.2 · AI score 6.5 · EPSS 0.00316
Exploits: 0 · References: 3
Prion
added 2024/03/05 2:15 a.m. · 31 views

Command injection

TYPO3 before 13.0.1 allows an authenticated admin user with system maintainer privileges to execute arbitrary shell commands with the privileges of the web server via a command injection vulnerability in form fields of the Install Tool. The fixed versions are 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELT...

AI score 7.9 · EPSS 0.00687
Exploits: 0 · References: 3
Veracode
added 2024/02/14 7:01 a.m. · 17 views

Code Injection

typo3/cms-core is vulnerable to Code Injection. The vulnerability is due to improper validation of settings within the Install Tool when configuring the path to system binaries. This vulnerability is only exploitable by an administrator-level backend user with system maintainer permissions...

CVSS 7.2 · AI score 6.9 · EPSS 0.00687
Exploits: 0
Cvelist
added 2024/02/13 10:16 p.m. · 16 views

CVE-2024-25119 Information Disclosure of Encryption Key in TYPO3 Install Tool

TYPO3 is an open source PHP based web content management system released under the GNU GPL. The plaintext value of `$GLOBALS['SYS']['encryptionKey']` was displayed in the editing forms of the TYPO3 Install Tool user interface. This allowed attackers to utilize the value to generate cryptographic hashes...

CVSS 4.9 · AI score 5.6 · EPSS 0.00291
Exploits: 0 · References: 2
Vulnrichment
added 2024/02/13 10:16 p.m. · 13 views

CVE-2024-25119 Information Disclosure of Encryption Key in TYPO3 Install Tool

TYPO3 is an open source PHP based web content management system released under the GNU GPL. The plaintext value of `$GLOBALS['SYS']['encryptionKey']` was displayed in the editing forms of the TYPO3 Install Tool user interface. This allowed attackers to utilize the value to generate cryptographic hashes...

CVSS 4.9 · AI score 6.7 · EPSS 0.00291
Exploits: 0 · References: 2
Github Security Blog
added 2024/02/13 8:32 p.m. · 28 views

TYPO3 Install Tool vulnerable to Code Execution

Problem Several settings in the Install Tool for configuring the path to system binaries were vulnerable to code execution. Exploiting this vulnerability requires an administrator-level backend user account with system maintainer permissions. The corresponding change for this advisory involves...

CVSS 7.2 · AI score 7.2 · EPSS 0.00687
Exploits: 0 · References: 9 · Affected Software: 1
Github Security Blog
added 2024/02/13 5:23 p.m. · 19 views

TYPO3 Install Tool vulnerable to Information Disclosure of Encryption Key

Problem The plaintext value of `$GLOBALS['SYS']['encryptionKey']` was displayed in the editing forms of the TYPO3 Install Tool user interface. This allowed attackers to utilize the value to generate cryptographic hashes used for verifying the authenticity of HTTP request parameters. Exploiting this...

CVSS 4.9 · AI score 7.1 · EPSS 0.00291
Exploits: 0 · References: 7 · Affected Software: 1
Positive Technologies
added 2024/02/13 12:00 a.m. · 3 views

PT-2024-19263 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions 8.7.0 through 8.7.56 ELTS TYPO3 versions 9.5.0 through 9.5.45 ELTS TYPO3 versions 10.4.0 through 10.4.42 ELTS TYPO3 versions 11.5.0 through 11.5.34 LTS TYPO3 versions 12.4.0 through 12.4.10 LTS TYPO3 versions prior to 13.0.1...

CVSS 8.6 · AI score 8.3 · EPSS 0.00687
Exploits: 0 · References: 14
OSV
added 2022/05/24 5:03 p.m. · 16 views

GHSA-77P4-WFR8-977W TYPO3 Directory Traversal on ZIP extraction

An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the extraction of manually uploaded ZIP archives in Extension Manager is vulnerable to directory traversal. Admin privileges are required in order to exploit this vulnerability. ...

CVSS 6.8 · AI score 6.9 · EPSS 0.00374
Exploits: 0 · References: 5
Github Security Blog
added 2022/05/24 5:03 p.m. · 18 views

TYPO3 Directory Traversal on ZIP extraction

An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the extraction of manually uploaded ZIP archives in Extension Manager is vulnerable to directory traversal. Admin privileges are required in order to exploit this vulnerability. ...

CVSS 7.2 · AI score 6.7 · EPSS 0.00374
Exploits: 0 · References: 7 · Affected Software: 2
Typo3
added 2020/11/17 12:00 a.m. · 30 views

Protecting Install Tool with Sudo Mode

When the system maintainer concept was introduced with TYPO3 v9.0.0 the necessity of having to enter a password when accessing the Install Tool via backend user interface was removed...

AI score 7
Exploits: 0 · Affected Software: 1
OSV
added 2019/12/17 5:15 p.m. · 8 views

CVE-2019-19848

An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the extraction of manually uploaded ZIP archives in Extension Manager is vulnerable to directory traversal. Admin privileges are required in order to exploit this vulnerability. ...

CVSS 7.2 · AI score 6.7
Exploits: 0 · References: 2