
122 matches found

CNNVD
added 2026/05/11 12:0 a.m., 4 views

Grav Code Injection Vulnerability

Grav is a scalable content management system (CMS) developed by the Grav open-source community, suitable for use in personal blogs, small content publishing platforms, and single-page product displays. Versions of Grav prior to 2.0.0-beta.2 contained a code injection vulnerability. This vulnerabili...

9.1 CVSS, 6 AI score, 0.00455 EPSS
Exploits: 2, References: 2

Tenable Nessus
added 2026/04/22 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-35355

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The install utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition during file installation. The implementation unlin...

6.3 CVSS, 5.9 AI score, 0.00013 EPSS
Exploits: 1, References: 3

Snyk
added 2026/04/21 11:15 a.m., 3 views

Cleartext Storage of Sensitive Information

Overview: Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information due to the SetupModuleController module merging entity data with user-interface settings before storing them in DB. An attacker can obtain sensitive user credentials by accessing the uc and...

8.3 CVSS, 5.7 AI score, 0.0002 EPSS
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2017-2472

Malware in sbrugna...

9.3 CVSS, 7.7 AI score, 0.00136 EPSS
Exploits: 0, References: 3

ATTACKERKB
added 2025/08/06 12:0 a.m., 1 views

CVE-2025-50286

A Remote Code Execution (RCE) vulnerability in Grav CMS v1.7.48 allows an authenticated admin to upload a malicious plugin via the /admin/tools/direct-install interface. Once uploaded, the plugin is automatically extracted and loaded, allowing arbitrary PHP code execution and reverse shell access...

8.1 CVSS, 6.5 AI score, 0.73126 EPSS
Exploits: 7, References: 5

CNNVD
added 2025/08/06 12:0 a.m., 1 views

Grav CMS Security Vulnerability

Grav CMS is an open source, flat file-based content management system. Grav CMS suffers from a remote code execution vulnerability that originates from allowing authenticated administrators to upload malicious plugins via the admin/tools/direct-install interface, which can be exploited by an...

8.1 CVSS, 8.4 AI score, 0.73126 EPSS
Exploits: 7, References: 4

RedhatCVE
added 2025/05/23 7:4 a.m., 8 views

CVE-2024-55891

TYPO3 is a free and open source Content Management Framework. It has been discovered that the install tool password has been logged as plaintext in case the password hashing mechanism used for the password was incorrect. Users are advised to update to TYPO3 versions 13.4.3 ELTS which fixes the...

5.3 CVSS, 7 AI score, 0.00294 EPSS
Exploits: 0, References: 1

OSV
added 2025/01/14 7:11 p.m., 2 views

CVE-2024-55891 Information Disclosure via Exception Handling/Logger in TYPO3

TYPO3 is a free and open source Content Management Framework. It has been discovered that the install tool password has been logged as plaintext in case the password hashing mechanism used for the password was incorrect. Users are advised to update to TYPO3 versions 13.4.3 ELTS which fixes the...

3.1 CVSS, 6.8 AI score, 0.00294 EPSS
Exploits: 0, References: 4

Snyk
added 2025/01/14 3:23 p.m., 1 views

Insertion of Sensitive Information into Log File

Overview: typo3/cms-install is a TYPO3 extension install. The Install Tool is used for installation, upgrade, system administration and setup tasks. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File due to improper handling of sensitive informatio...

5.3 CVSS, 6.9 AI score, 0.00294 EPSS
Exploits: 0, References: 2

OSV
added 2025/01/14 3:23 p.m., 9 views

GHSA-38X7-CC6W-J27Q TYPO3 Information Disclosure via Exception Handling/Logger

Problem: It has been discovered that the install tool password has been logged as plaintext in case the password hashing mechanism used for the password was incorrect. Solution: Update to TYPO3 versions 13.4.3 LTS that fixes the problem described. Credits: Thanks to TYPO3 core & security team member...

3.1 CVSS, 3.9 AI score, 0.00294 EPSS
Exploits: 0, References: 5

Positive Technologies
added 2025/01/14 12:0 a.m., 2 views

PT-2025-3142 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 13.4.3 ELTS Description: A problem has been discovered where the install tool password is logged as plaintext if the password hashing mechanism used for the password was incorrect. There are no known workarounds for th...

3.1 CVSS, 7.3 AI score, 0.00294 EPSS
Exploits: 0, References: 9

Veracode
added 2024/07/05 8:20 p.m., 7 views

Cross-site Scripting (XSS)

TYPO3 is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to failing to properly encode information from external sources, which could allow attackers to inject malicious scripts into the Install Tool language pack interface...

6.2 AI score
Exploits: 0

Veracode
added 2024/06/26 7:45 a.m., 7 views

Sensitive Information Disclosure

typo3/cms is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the Install Tool exposing the current TYPO3 version number to non-authenticated users...

7 AI score
Exploits: 0

Github Security Blog
added 2024/06/07 7:55 p.m., 8 views

TYPO3 Information Disclosure in Install Tool

The Install Tool exposes the current TYPO3 version number to non-authenticated users...

7 AI score
Exploits: 0, References: 6, Affected Software: 1

OSV
added 2024/06/07 7:55 p.m., 4 views

GHSA-6487-3QVG-8PX9 TYPO3 Information Disclosure in Install Tool

The Install Tool exposes the current TYPO3 version number to non-authenticated users...

5.3 CVSS, 7 AI score
Exploits: 0, References: 6

OSV
added 2024/06/07 7:52 p.m., 7 views

GHSA-F777-F784-36GM TYPO3 Security Misconfiguration in Install Tool Cookie

It has been discovered that cookies created in the Install Tool are not hardened to be submitted only via HTTP. In combination with other vulnerabilities such as cross-site scripting it can lead to hijacking an active and valid session in the Install Tool...

8.1 CVSS, 6.6 AI score
Exploits: 0, References: 6

Github Security Blog
added 2024/06/07 7:52 p.m., 6 views

TYPO3 Security Misconfiguration in Install Tool Cookie

It has been discovered that cookies created in the Install Tool are not hardened to be submitted only via HTTP. In combination with other vulnerabilities such as cross-site scripting it can lead to hijacking an active and valid session in the Install Tool...

6.6 AI score
Exploits: 0, References: 6, Affected Software: 1

OSV
added 2024/06/05 5:23 p.m., 8 views

GHSA-259V-XM34-P7FR Typo3 Cross-Site Scripting in Language Pack Handling

Failing to properly encode information from external sources, language pack handling in the install tool is vulnerable to cross-site scripting...

6.4 AI score
Exploits: 0, References: 3

Github Security Blog
added 2024/06/05 5:23 p.m., 12 views

Typo3 Cross-Site Scripting in Language Pack Handling

Failing to properly encode information from external sources, language pack handling in the install tool is vulnerable to cross-site scripting...

6.4 AI score
Exploits: 0, References: 3, Affected Software: 1

Veracode
added 2024/06/04 6:49 a.m., 6 views

Sensitive Information Disclosure

typo3/cms-core is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the Install Tool exposing the current TYPO3 version number to non-authenticated users...

7 AI score
Exploits: 0