TYPO3 Licensing Issue Vulnerability (CNVD-2022-17968)

TYPO3 is a free and open source content management system framework CMS/CMF of the Swiss TYPO3 Association. TYPO3 has a licensing issue vulnerability that stems from a breach of access control in the extension-bound media browser, which could be exploited by an attacker to execute a request to th...

Authorization

An issue was discovered in the pixxio aka pixx.io integration or DAM extension before 1.0.6 for TYPO3. The Access Control in the bundled media browser is broken, which allows an unauthenticated attacker to perform requests to the pixx.io API for the configured API user. This allows an attacker to...