GHSA-M5VR-3M74-JWXP Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS

Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 8.2 CWE-325, CWE-20, CWE-200, CWE-502 Problem It has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message...

GHSA-4H44-W6FM-548G Potential Remote Code Execution in TYPO3 with mediace extension

Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 9.1 CWE-325, CWE-20, CWE-200, CWE-502 Problem It has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message...

CVE-2016-5091

Extbase in TYPO3 4.3.0 before 6.2.24, 7.x before 7.6.8, and 8.1.1 allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted Extbase action...

CVE-2016-5091

CVE-2016-5091 – TYPO3 Extbase RCE/Info Disclosure : TYPO3’s Extbase component is vulnerable to remote code execution or sensitive information disclosure when processing a crafted Extbase action. Affected ranges include TYPO3 Extbase in 4.3.0–6.2.23, 7.x up to 7.6.7, and 8.1.0 up to 8.1.1. The roo...

Missing Access Check in TYPO3 CMS

It has been discovered, that TYPO3 CMS lacks an access check for Extbase actions. Component Type: TYPO3 CMS Release Date: May 24, 2016 Vulnerable subcomponent: Extbase Vulnerability Type: Missing access check Affected Versions: Versions 4.3.0 up to 8.1.0 Severity: Critical Suggested CVSS v2.0:...