9 matches found

Veracode
added 2020/07/30 4:30 a.m., 36 views

Remote Code Execution (RCE)

typo3/cms is vulnerable to insecure cryptography. During installation with the mediace extension, the vulnerability exists because it was possible to generate arbitrary checksums that allow the injection of arbitrary data, allowing an attacker with at least one Extbase plugin or module action to...

CVSS 9.8 | AI score 5.6 | EPSS 0.03678
Exploits: 1 | References: 3 | Affected Software: 1

Veracode
added 2020/07/30 2:33 a.m., 18 views

Insecure Cryptography

typo3/cms is vulnerable to insecure cryptography. The vulnerability exists because it was possible to generate arbitrary checksums that allow the injection of arbitrary data...

CVSS 8.8 | AI score 3.5 | EPSS 0.02358
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2020/07/29 5:15 p.m., 12 views

CVE-2020-15098

In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows injecting arbitrary data having a valid cryptographic...

CVSS 8.8 | AI score 9.1
Exploits: 0 | References: 4

ATTACKERKB
added 2020/07/29 5:15 p.m., 2 views

CVE-2020-15098

In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows injecting arbitrary data having a valid cryptographic...

CVSS 8.8 | AI score 6.2 | EPSS 0.02358
Exploits: 0 | References: 5 | Affected Software: 1

ATTACKERKB
added 2020/07/29 5:15 p.m., 2 views

CVE-2020-15086

In TYPO3 installations with the "mediace" extension from version 7.6.2 and before version 7.6.5, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows injecting arbitrary data having a valid cryptographic message authentication code...

CVSS 9.8 | AI score 9 | EPSS 0.03678
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2020/07/29 4:15 p.m., 22 views

GHSA-M5VR-3M74-JWXP Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS

Meta: CVSS: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C (8.2); CWE-325, CWE-20, CWE-200, CWE-502. Problem: It has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows injecting arbitrary data having a valid cryptographic message...

CVSS 8.8 | AI score 8.3 | EPSS 0.02369
Exploits: 0 | References: 9

Positive Technologies
added 2020/07/29 12:0 a.m., 1 views

PT-2020-14182 · Typo3 · Typo3/Cms

Name of the Vulnerable Software and Affected Versions: TYPO3 CMS versions 9.0.0 through 9.5.19; TYPO3 CMS versions 10.0.0 through 10.4.5. Description: A flaw in the internal verification mechanism allows the generation of arbitrary checksums, enabling the injection of arbitrary data with a valid...

CVSS 8.8 | AI score 8.4 | EPSS 0.02369
Exploits: 0 | References: 13

Typo3
added 2020/07/28 12:0 a.m., 33 views

Sensitive Information Disclosure in extension "Media Content Element" (mediace)

It has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows injecting arbitrary data having a valid cryptographic message authentication code (HMAC-SHA1) and can lead to various attack chains as described below...

CVSS 7.5 | AI score 3.3 | EPSS 0.03678
Exploits: 2 | Affected Software: 1

Typo3
added 2020/07/28 12:0 a.m., 39 views

Critical vulnerability in legacy versions of TYPO3 CMS

It has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows injecting arbitrary data having a valid cryptographic message authentication code (HMAC-SHA1) and can lead to various attack chains as described below...

CVSS 7.5 | AI score 4.6 | EPSS 0.03678
Exploits: 2 | Affected Software: 1