Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 2:14 p.m.6 views

CVE-2020-11067

In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that backend user settings in $BEUSER-uc are vulnerable to insecure deserialization. In combination with vulnerabilities of third party components, this can lead to remote code execution. A valid backend user...

8.8CVSS7.6AI score0.0199EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2020/07/13 12:0 a.m.42 views

TYPO3 9.x < 9.5.17 / 10.x < 10.4.2 Multiple Vulnerabilities

The version of TYPO3 installed on the remote host is 9.x prior to 9.5.17 or 10.x prior to 10.4.2. It is, therefore, affected by multiple vulnerabilities: - A cross-site scripting XSS vulnerability exists in Typo3's form engine component due to improper validation of user-supplied input before...

10CVSS7.2AI score0.0199EPSS
Exploits0References8
CVE
CVE
added 2020/05/13 11:25 p.m.148 views

CVE-2020-11067

TYPO3 CMS CVE-2020-11067 affects backend user settings (BE_USER-&gt;uc) deserialization in TYPO3 9.0.0–9.5.16 and 10.0.0–10.4.1, enabling remote code execution when combined with third‑party component vulnerabilities, exploitable by a valid backend user account. The issue has been fixed in TYPO3 ...

8.8CVSS9.1AI score0.0199EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/05/13 11:25 p.m.52 views

CVE-2020-11067 Deserialization of Untrusted Data in TYPO3 CMS

In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that backend user settings in $BEUSER-uc are vulnerable to insecure deserialization. In combination with vulnerabilities of third party components, this can lead to remote code execution. A valid backend user...

8.8CVSS9.1AI score0.0199EPSS
Exploits0References1
Rows per page
Query Builder