
9 matches found

OSV
added 2026/06/12 7:32 p.m. · 8 views

GHSA-JH32-V29G-68PQ TYPO3 CMS has Privilege Escalation & SQL Injection in its Form Framework

Problem: Backend users with write access to the formdefinition database table were able to directly create, update, or delete form definition records via DataHandler, bypassing the Form Framework's persistence validation and permission checks. This allowed injecting arbitrary form configurations,...

CVSS 8.7 · AI score 5.9 · EPSS 0.00244
Exploits 0 · References 7
Cvelist
added 2026/06/09 10:50 a.m. · 31 views

CVE-2026-47346 TYPO3 CMS - Broken Access Control in Form Framework

Backend users with file write permissions were able to upload form definition files with mixed-case extensions (e.g., .FORM.YAML) to bypass the Form Framework's upload restriction. Maliciously crafted form definition files can be used to execute arbitrary SQL statements, allowing attackers to...

CVSS 7.6 · EPSS 0.00253
Exploits 0 · References 3
Snyk
added 2025/01/14 3:40 p.m. · 4 views

Exposed Dangerous Method or Function

Overview: typo3/cms-form is a Form Library, Plugin and Editor. Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via the backend user interface functionality involving deep links. An attacker can manipulate or delete persisted form definitions by deceiving a...

CVSS 5.4 · AI score 6.9 · EPSS 0.00183
Exploits 0 · References 2
Positive Technologies
added 2024/05/14 12:0 a.m. · 4 views

PT-2024-25813 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions 9.0.0 through 9.5.47 ELTS; TYPO3 versions 10.0.0 through 10.4.44 ELTS; TYPO3 versions 11.0.0 through 11.5.36 LTS; TYPO3 versions 12.0.0 through 12.4.14 LTS; TYPO3 versions 13.0.0 through 13.0.0. Description: The form manager backend...

CVSS 5.4 · AI score 6.8 · EPSS 0.00502
Exploits 0 · References 9
OSV
added 2023/08/23 6:15 a.m. · 3 views

CVE-2023-41100

An issue was discovered in the hcaptcha aka hCaptcha for EXT:form extension before 2.1.2 for TYPO3. It fails to check that the required captcha field is submitted in the form data, allowing a remote user to bypass the CAPTCHA check...

CVSS 5.3 · AI score 5.8 · EPSS 0.00515
Exploits 0 · References 1
Positive Technologies
added 2023/08/22 12:0 a.m. · 4 views

PT-2023-27786 · Hcaptcha +1 · Hcaptcha +1

Name of the Vulnerable Software and Affected Versions: hCaptcha for EXT:form extension versions prior to 2.1.2 for TYPO3. Description: An issue was discovered in the hcaptcha extension, where it fails to check that the required captcha field is submitted in the form data, allowing a remote user to...

CVSS 5.3 · AI score 5.1 · EPSS 0.00515
Exploits 0 · References 8
CNVD
added 2016/07/22 12:0 a.m. · 1 views

TYPO3 Form Component Arbitrary File Disclosure Vulnerability

TYPO3 is a free and open source content management system framework CMS/CMF maintained by the Swiss TYPO3 Association. An arbitrary file disclosure vulnerability exists in the TYPO3 Form component. An attacker could exploit this vulnerability to obtain sensitive information because the program...

AI score 6.5
Exploits 0 · References 1
NVD
added 2013/12/23 11:55 p.m. · 17 views

CVE-2013-7081

The old Form Content Element component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated editors to generate arbitrary HMAC signatures and bypass intended access restrictions via unspecified vectors...

CVSS 4.9 · AI score 6.2 · EPSS 0.01017
Exploits 0 · References 3
Prion
added 2013/12/23 11:55 p.m. · 20 views

Design/Logic Flaw

The old Form Content Element component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated editors to generate arbitrary HMAC signatures and bypass intended access restrictions via unspecified vectors...

CVSS 4.9 · AI score 6.7 · EPSS 0.01017
Exploits 0 · References 3 · Affected Software 1