Lucene search
+L

4 matches found

redhatcve
redhatcve
added 2026/06/05 7:10 p.m.13 views

CVE-2026-8727

The Crawler extension passes the X-T3Crawler-Meta response header from crawled URLs directly to PHP's unserialize. An attacker controlling a crawled endpoint can inject arbitrary serialized PHP objects, leading to Remote Code Execution on the TYPO3 server. Exploitation requires administrative...

7.1CVSS5.8AI score0.00389EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/05/19 9:16 a.m.10 views

CVE-2026-8727

The Crawler extension passes the X-T3Crawler-Meta response header from crawled URLs directly to PHP's unserialize. An attacker controlling a crawled endpoint can inject arbitrary serialized PHP objects, leading to Remote Code Execution on the TYPO3 server. Exploitation requires administrative...

7.1CVSS6AI score0.00389EPSS
Exploits0References2Affected Software1
cve
cve
added 2026/05/19 9:16 a.m.27 views

CVE-2026-8727

The CVE-2026-8727 affects the TYPO3 Crawler extension (Site Crawler). The root cause is that the Crawler extension forwards the X-T3Crawler-Meta response header directly to PHP’s unserialize(), allowing an attacker-controlled crawled endpoint to inject arbitrary serialized PHP objects, leading to...

7.1CVSS6AI score0.00389EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/05/19 12:0 a.m.15 views

PT-2026-41867

The Crawler extension passes the X-T3Crawler-Meta response header from crawled URLs directly to PHP's unserialize. An attacker controlling a crawled endpoint can inject arbitrary serialized PHP objects, leading to Remote Code Execution on the TYPO3 server. Exploitation requires administrative...

7.1CVSS6AI score0.00389EPSS
Exploits0References2
Rows per page
Query Builder