7 matches found
FreeBSD : typo3-{11,12} -- multiple vulnerabilities (1ad3d264-e36b-11ee-9c27-40b034429ecf)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 1ad3d264-e36b-11ee-9c27-40b034429ecf advisory. - In TYPO3 11.5.24, the filelist component allows attackers who have access to the administrat...
TYPO3 8.0.0 < 8.7.57 ELTS / 9.0.0 < 9.5.46 ELTS / 10.0.0 < 10.4.43 ELTS / 11.0.0 < 11.5.35 / 12.0.0 < 12.4.11 / 13.0.1 (TYPO3-CORE-SA-2024-001)
The version of TYPO3 installed on the remote host is prior to 8.0.0 8.7.57 ELTS / 9.0.0 9.5.46 ELTS / 10.0.0 10.4.43 ELTS / 11.0.0 11.5.35 / 12.0.0 12.4.11 / 13.0.1. It is, therefore, affected by a vulnerability as referenced in the TYPO3-CORE-SA-2024-001 advisory. - In TYPO3 11.5.24, the filelis...
typo3-{11,12} -- multiple vulnerabilities
Typo3 developers reports: All versions are security releases and contain important security fixes - read the corresponding security advisories here: Path Traversal in TYPO3 File Abstraction Layer Storages CVE-2023-30451 Code Execution in TYPO3 Install Tool CVE-2024-22188 Information Disclosure of...
CVE-2023-30451
In TYPO3 11.5.24, the filelist component allows attackers who have access to the administrator panel to read arbitrary files via directory traversal in the baseuri field, as demonstrated by POST /typo3/record/edit with ../../../ in datasysfilestoragedatasDEFlDEFbasePathvDEF...
CVE-2023-30451
In TYPO3 11.5.24, the filelist component allows attackers who have access to the administrator panel to read arbitrary files via directory traversal in the baseuri field, as demonstrated by POST /typo3/record/edit with ../../../ in datasysfilestoragedatasDEFlDEFbasePathvDEF...
CVE-2023-30451
Summary: CVE-2023-30451 affects TYPO3 11.5.24, where the Filelist component allows an authenticated administrator to read arbitrary files via directory traversal in the baseuri field, demonstrated by POST /typo3/record/edit using ../../../ in data[sys_file_storage][data][sDEF][lDEF][basePath][vDE...
TYPO3 11.5.24 Path Traversal
Exploit Title: TYPO3 11.5.24 Path Traversal Vulnerability Authenticated Date: Apr 9, 2023 Exploit Author: Saeed reza Zamanian Software Link: https://get.typo3.org/release-notes/11.5.24 Version: 11.5.24 Tested on: Kali 2022.3 CVE : CVE-2023-30451 In TYPO3 11.5.24, the filelist component allows...