116 matches found
EUVD-2021-2116
Malware in sbrugna...
EUVD-2015-1541
Malware in sbrugna...
EUVD-2022-4501
Malicious code in bioql PyPI...
EUVD-2022-3022
Malicious code in bioql PyPI...
EUVD-2022-4984
Malicious code in bioql PyPI...
EUVD-2022-4459
Malicious code in bioql PyPI...
CVE-2012-1605
The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unserializes untrusted data, which allows remote attackers to unserialize arbitrary objects and possibly execute arbitrary code via vectors related to "a missing signature HMAC for a request argument."...
Improper Access Control
typo3/cms is vulnerable to Improper Access Control. The vulnerability is due to improper validation for requested controller/action combinations, allowing attackers to execute arbitrary Extbase actions by crafting a special request...
TYPO3 CMS Possible Insecure Deserialization in Extbase Request Handling
It has been discovered that request handling in Extbase can be vulnerable to insecure deserialization. User submitted payload has to be signed with a corresponding HMAC-SHA1 using the sensitive TYPO3 encryptionKey as secret - invalid or unsigned payload is not deserialized. However, since sensiti...
GHSA-HH95-5XM5-V8V7 TYPO3 CMS Possible Insecure Deserialization in Extbase Request Handling
It has been discovered that request handling in Extbase can be vulnerable to insecure deserialization. User submitted payload has to be signed with a corresponding HMAC-SHA1 using the sensitive TYPO3 encryptionKey as secret - invalid or unsigned payload is not deserialized. However, since sensiti...
GHSA-GWFX-P7MR-F92V Missing Access Check in TYPO3 CMS
Extbase request handling fails to implement a proper access check for requested controller/ action combinations, which makes it possible for an attacker to execute arbitrary Extbase actions by crafting a special request. To successfully exploit this vulnerability, an attacker must have access to ...
Missing Access Check in TYPO3 CMS
Extbase request handling fails to implement a proper access check for requested controller/ action combinations, which makes it possible for an attacker to execute arbitrary Extbase actions by crafting a special request. To successfully exploit this vulnerability, an attacker must have access to ...
GHSA-5H5V-M596-R6RF TYPO3 Possible Insecure Deserialization in Extbase Request Handling
It has been discovered that request handling in Extbase can be vulnerable to insecure deserialization. User submitted payload has to be signed with a corresponding HMAC-SHA1 using the sensitive TYPO3 encryptionKey as secret - invalid or unsigned payload is not deserialized. However, since sensiti...
TYPO3 Possible Insecure Deserialization in Extbase Request Handling
It has been discovered that request handling in Extbase can be vulnerable to insecure deserialization. User submitted payload has to be signed with a corresponding HMAC-SHA1 using the sensitive TYPO3 encryptionKey as secret - invalid or unsigned payload is not deserialized. However, since sensiti...
PT-2024-40101 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3 affected versions not specified Description: The issue concerns insecure deserialization in Extbase request handling. It requires a user-submitted payload to be signed with a corresponding HMAC-SHA1 using the sensitive TYPO3 encryptionK...
BIT-TYPO3-2021-21355
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1, due to the lack of ensuring file extensions belong to configured allowed mime-types, attackers can upload arbitrary data with arbitrary file extensions - however, default...
CVE-2024-24751 Broken Access Control in Backend Module in sf_event_mgt
sfeventmgt is an event management and registration extension for the TYPO3 CMS based on ExtBase and Fluid. In affected versions the existing access control check for events in the backend module got broken during the update of the extension to TYPO3 12.4, because the RedirectResponse from the...
CVE-2024-24751
The vulnerability CVE-2024-24751 affects the sf_event_mgt TYPO3 extension (backend module). The root cause is mishandling of the RedirectResponse from the $this->redirect() function after upgrading to TYPO3 12.4, which breaks an existing access control check for events in the backend. This lea...
CVE-2024-24751 Broken Access Control in Backend Module in sf_event_mgt
sfeventmgt is an event management and registration extension for the TYPO3 CMS based on ExtBase and Fluid. In affected versions the existing access control check for events in the backend module got broken during the update of the extension to TYPO3 12.4, because the RedirectResponse from the...
SUSE CVE-2013-1842
SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "the Query Object Model and relation values."...