38 matches found
TYPO3 10.0.0 < 10.4.46 ELTS / 11.0.0 < 11.5.40 / 12.0.0 < 12.4.21 / 13.0.0 < 13.3.1 (TYPO3-CORE-SA-2024-012)
The version of TYPO3 installed on the remote host is prior to 10.0.0 10.4.46 ELTS / 11.0.0 11.5.40 / 12.0.0 12.4.21 / 13.0.0 13.3.1. It is, therefore, affected by a vulnerability as referenced in the TYPO3-CORE-SA-2024-012 advisory. - Backend users could see items in the backend page tree without...
GHSA-F5RR-9R84-WWQF Typo3 Broken Access Control in Import Module
It has been discovered that the Import/Export module is susceptible to broken access control. Regular backend users have access to import functionality which usually only is available to admin users or users having User TSconfig setting options.impexp.enableImportForNonAdminUser explicitly enable...
TYPO3 Broken Access Control in Import Module
It has been discovered that the Import/Export module is susceptible to broken access control. Regular backend users have access to import functionality which usually only is available to admin users or users having User TSconfig setting options.impexp.enableImportForNonAdminUser explicitly enable...
TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController
Problem The ShowImageController eID txcmsshowpic lacks a cryptographic HMAC-signature on the frame HTTP query parameter e.g. /index.php?eID=txcmsshowpic?file=3&...&frame=12345. This allows adversaries to instruct the system to produce an arbitrary number of thumbnail images on the server side...
TYPO3 Install Tool vulnerable to Code Execution
Problem Several settings in the Install Tool for configuring the path to system binaries were vulnerable to code execution. Exploiting this vulnerability requires an administrator-level backend user account with system maintainer permissions. The corresponding change for this advisory involves...
GHSA-H47M-3F78-QP9G TYPO3 Install Tool vulnerable to Information Disclosure of Encryption Key
Problem The plaintext value of $GLOBALS'SYS''encryptionKey' was displayed in the editing forms of the TYPO3 Install Tool user interface. This allowed attackers to utilize the value to generate cryptographic hashes used for verifying the authenticity of HTTP request parameters. Exploiting this...
TYPO3 Install Tool vulnerable to Information Disclosure of Encryption Key
Problem The plaintext value of $GLOBALS'SYS''encryptionKey' was displayed in the editing forms of the TYPO3 Install Tool user interface. This allowed attackers to utilize the value to generate cryptographic hashes used for verifying the authenticity of HTTP request parameters. Exploiting this...
TYPO3 8.0.0 < 8.7.57 ELTS / 9.0.0 < 9.5.46 ELTS / 10.0.0 < 10.4.43 ELTS / 11.0.0 < 11.5.35 / 12.0.0 < 12.4.11 / 13.0.1 (TYPO3-CORE-SA-2024-001)
The version of TYPO3 installed on the remote host is prior to 8.0.0 8.7.57 ELTS / 9.0.0 9.5.46 ELTS / 10.0.0 10.4.43 ELTS / 11.0.0 11.5.35 / 12.0.0 12.4.11 / 13.0.1. It is, therefore, affected by a vulnerability as referenced in the TYPO3-CORE-SA-2024-001 advisory. - In TYPO3 11.5.24, the filelis...
TYPO3 8.7.0 < 8.7.51 ELTS / 9.0.0 < 9.5.40 ELTS / 10.0.0 < 10.4.36 / 11.0.0 < 11.5.23 / 12.0.0 < 12.2.0 XSS (TYPO3-CORE-SA-2023-001)
The version of TYPO3 installed on the remote host is prior to 8.7.0 8.7.51 ELTS / 9.0.0 9.5.40 ELTS / 10.0.0 10.4.36 / 11.0.0 11.5.23 / 12.0.0 12.2.0. It is, therefore, affected by a vulnerability as referenced in the TYPO3-CORE-SA-2023-001 advisory. - TYPO3 core component...
GHSA-8W3P-QH3X-6GJR TYPO3 CMS vulnerable to Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration
CVSS: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L/E:F/RL:O/RC:C 5.3 Problem Due to the lack of handling user-submitted YAML placeholder expressions in the site configuration backend module, attackers could expose sensitive internal information, such as system configuration or HTTP request messag...
TYPO3 CMS vulnerable to Arbitrary Code Execution via Form Framework
Problem Due to the lack of separating user-submitted data from the internal configuration in the Form Designer backend module, it was possible to inject code instructions to be processed and executed via TypoScript as PHP code. The existence of individual TypoScript instructions for a particular...
GHSA-FFFR-7X4X-F98Q TYPO3 CMS vulnerable to Denial of Service in Page Error Handling
Meta CVSS: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C 5.5 Problem Requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as an error message from another page. This leads to a scenario in which the...
TYPO3 HTML Sanitizer Bypasses Cross-Site Scripting Protection
Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 5.7 Problem Due to a parsing issue in upstream package masterminds/html5, malicious markup used in a sequence with special HTML comments cannot be filtered and sanitized. This allows to by-pass the cross-site scripting mechanis...
TYPO3-CORE-SA-2022-006: Denial of Service in Page Error Handling
More info at https://typo3.org/security/advisory/typo3-core-sa-2022-006...
TYPO3-CORE-SA-2022-011: By-passing Cross-Site Scripting Protection in HTML Sanitizer
More info at https://typo3.org/security/advisory/typo3-core-sa-2022-011...
TYPO3 Information Disclosure Vulnerability (TYPO3-CORE-SA-2022-001)
TYPO3 is prone to an information disclosure vulnerability via the Export Module. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
TYPO3-CORE-SA-2022-001: Information Disclosure via Export Module
More info at https://typo3.org/security/advisory/typo3-core-sa-2022-001...
Cross site request forgery (csrf)
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the new TYPO3 v11 feature that allows users to create and share deep links in the backend user interface is vulnerable to cross-site-request-forgery. The impact is the same as...
CVE-2021-41113
CVE-2021-41113 — TYPO3 Backend CSRF : TYPO3’s v11 feature for creating/sharing deep links in the backend UI is vulnerable to cross-site request forgery. An unauthenticated attacker could exploit a logged-in victim’s session to perform actions, potentially creating an admin user account and taking...
CVE-2021-41114
TYPO3 CMS is vulnerable to host header spoofing due to improper validation of the HTTP Host header. The regression in TYPO3 v11 reintroduced the issue after a previously mitigated design (trustedHostsPattern) was not evaluated. The CVE-2021-41114 entry describes host spoofing during frontend rend...