
117 matches found

Positive Technologies
added 2021/03/23 12:0 a.m. · 2 views

PT-2021-14439 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 8.7.40; TYPO3 versions prior to 9.5.25; TYPO3 versions prior to 10.4.14; TYPO3 versions prior to 11.1.1. Description: The issue arises from the lack of ensuring file extensions belong to configured allowed mime-types,...

CVSS 8.6 · AI score 8.6 · EPSS 0.00416
Exploits 0 · References 11
BDU FSTEC
added 2020/10/27 12:0 a.m. · 2 views

The vulnerability of the extbase extension of the TYPO3 content management system allows a hacker to execute arbitrary code.

The vulnerability of the extbase extension of the TYPO3 content management system arises from deserialization issues. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 10 · EPSS 0.02369
Exploits 0 · References 3 · Affected Software 1
Veracode
added 2020/08/03 6:13 a.m. · 23 views

Remote Code Execution

friendsoftypo3/mediace is vulnerable to remote code execution. An attacker who has access to Extbase plugin or module action within a TYPO3 installation is able to execute arbitrary code by injecting arbitrary data with a valid cryptographic MAC. The vulnerability exists due to an insecure intern...

CVSS 9.8 · AI score 4.1 · EPSS 0.03678
Exploits 1 · References 4 · Affected Software 1
Veracode
added 2020/07/30 4:30 a.m. · 37 views

Remote Code Execution (RCE)

typo3/cms is vulnerable to insecure cryptography. During installation with mediace extension, the vulnerability exists because it was possible to generate arbitrary checksums that allow the injection of arbitrary data, allowing an attacker with at least one Extbase plugin or module action to...

CVSS 9.8 · AI score 5.6 · EPSS 0.03678
Exploits 1 · References 3 · Affected Software 1
OSV
added 2020/07/29 5:15 p.m. · 17 views

CVE-2020-15086

In TYPO3 installations with the "mediace" extension from version 7.6.2 and before version 7.6.5, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows injecting arbitrary data having a valid cryptographic message authentication code...

CVSS 9.8 · AI score 9.7
Exploits 0 · References 3
NVD
added 2020/07/29 5:15 p.m. · 10 views

CVE-2020-15086

In TYPO3 installations with the "mediace" extension from version 7.6.2 and before version 7.6.5, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows injecting arbitrary data having a valid cryptographic message authentication code...

CVSS 9.8 · AI score 9.8 · EPSS 0.03678
Exploits 1 · References 3
ATTACKERKB
added 2020/07/29 5:15 p.m. · 3 views

CVE-2020-15086

In TYPO3 installations with the "mediace" extension from version 7.6.2 and before version 7.6.5, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows injecting arbitrary data having a valid cryptographic message authentication code...

CVSS 9.8 · AI score 9 · EPSS 0.03678
Exploits 1 · References 4 · Affected Software 1
Friends Of PHP
added 2019/12/17 9:50 a.m. · 10 views

Possible Insecure Deserialization in Extbase Request Handling

More info at https://typo3.org/security/advisory/typo3-psa-2019-011...

AI score 7.2
Exploits 0 · Affected Software 1
Friends Of PHP
added 2019/12/17 9:50 a.m. · 10 views

Possible Insecure Deserialization in Extbase Request Handling

More info at https://typo3.org/security/advisory/typo3-psa-2019-011...

AI score 7.2
Exploits 0 · Affected Software 1
Typo3
added 2019/12/17 12:0 a.m. · 15 views

Possible Insecure Deserialization in Extbase Request Handling

It has been discovered that request handling in Extbase can be vulnerable to insecure deserialization. User submitted payload has to be signed with a corresponding HMAC-SHA1 using the sensitive TYPO3 encryptionKey as secret - invalid or unsigned payload is not deserialized...

AI score 6.8
Exploits 0 · Affected Software 1
NVD
added 2019/11/05 8:15 p.m. · 17 views

CVE-2010-3672

TYPO3 before 4.3.4 and 4.4.x before 4.4.1 allows XSS in the textarea view helper in an extbase extension...

CVSS 6.1 · AI score 6 · EPSS 0.00378
Exploits 0 · References 3
UbuntuCve
added 2019/11/05 8:15 p.m. · 15 views

CVE-2010-3672

TYPO3 before 4.3.4 and 4.4.x before 4.4.1 allows XSS in the textarea view helper in an extbase extension...

CVSS 6.1 · AI score 6.1 · EPSS 0.00378
Exploits 0 · References 1
Prion
added 2019/11/05 8:15 p.m. · 16 views

Design/Logic Flaw

TYPO3 before 4.3.4 and 4.4.x before 4.4.1 allows XSS in the textarea view helper in an extbase extension...

CVSS 4.3 · AI score 6.2 · EPSS 0.00378
Exploits 0 · References 3 · Affected Software 1
CVE
added 2019/11/05 7:25 p.m. · 53 views

CVE-2010-3672

TYPO3 CVE-2010-3672 affects TYPO3 < 4.3.4 and

CVSS 6.1 · AI score 6.1 · EPSS 0.00378
Exploits 0 · References 3 · Affected Software 1
Cvelist
added 2019/11/05 7:25 p.m. · 15 views

CVE-2010-3672

TYPO3 before 4.3.4 and 4.4.x before 4.4.1 allows XSS in the textarea view helper in an extbase extension...

AI score 6.2 · EPSS 0.00378
Exploits 0 · References 3
Prion
added 2019/10/16 7:15 p.m. · 11 views

Remote code execution

The srfreecap aka freeCap CAPTCHA extension 2.4.5 and below and 2.5.2 and below for TYPO3 fails to sanitize user input, which allows execution of arbitrary Extbase actions, resulting in Remote Code Execution...

CVSS 7.5 · AI score 9.6 · EPSS 0.02481
Exploits 0 · References 2 · Affected Software 1
Typo3
added 2019/10/15 12:0 a.m. · 18 views

Remote Code Execution in extension "freeCap CAPTCHA" (sr_freecap)

The extension fails to sanitize user input which allows to execute arbitrary Extbase actions resulting in Remote Code Execution...

CVSS 7.5 · AI score 9.5 · EPSS 0.02481
Exploits 0 · Affected Software 1
Packet Storm
added 2019/01/02 12:0 a.m. · 47 views

Typo3 CMS Static Info Tables 6.7.3 Database Disclosure

Exploit Title : Typo3 CMS Static Info Tables Extension 6.7.3 Database Disclosure Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 02/01/2019 Vendor Homepage : typo3.org - extensions.typo3.org/extension/staticinfotables/ Software Download Link :...

AI score 7.4
Exploits 0
CNVD
added 2018/05/29 12:0 a.m. · 0 views

TYPO3 T3Blog Extbase Extension Cross-Site Scripting Vulnerability

Typo3 is one of the leading brands of open source content management systems (CMS) and content management frameworks (CMF) based on PHP and MySQL databases and is a powerful open source solution. A cross-site scripting vulnerability exists in TYPO3 T3Blog Extbase Extension that stems from...

AI score 6.8
Exploits 0 · References 1
CNVD
added 2017/07/20 12:0 a.m. · 1 views

TYPO3 Content Rating Extbase Extension SQL Injection Vulnerability

TYPO3 is a content management system based on PHP4/PHP5+MySQL. TYPO3 Content Rating Extbase Extension suffers from a SQL injection vulnerability due to the program's failure to adequately filter user-supplied data before it is used in SQL queries. An attacker can exploit the vulnerability to...

AI score 8
Exploits 0 · References 1