
9 matches found

OSV
added 2026/06/12 7:32 p.m., 10 views

GHSA-HWVQ-2W67-RVXP TYPO3 CMS has Broken Access Control in its Form Framework

Problem: Backend users with file write permissions were able to upload form definition files with mixed-case extensions e.g., .FORM.YAML to bypass the Form Framework's upload restriction. Maliciously crafted form definition files can be used to execute arbitrary SQL statements, allowing attackers ...

7.6 CVSS, 6.1 AI score, 0.00253 EPSS
Exploits: 0, References: 7
EUVD
added 2026/06/12 7:32 p.m., 14 views

EUVD-2026-35393

TYPO3 CMS has Broken Access Control in its Form Framework...

7.6 CVSS, 5.2 AI score, 0.00253 EPSS
Exploits: 0, References: 6
Snyk
added 2026/06/12 7:32 p.m., 4 views

Missing Authorization

Overview: typo3/cms-form is a Form Library, Plugin and Editor. Affected versions of this package are vulnerable to Missing Authorization via the upload for form definition files with mixed-case extensions. An attacker can escalate privileges by uploading maliciously crafted files that execute...

8.8 CVSS, 6.1 AI score, 0.00253 EPSS
Exploits: 0, References: 3
Snyk
added 2026/06/12 7:32 p.m., 4 views

Missing Authorization

Overview: typo3/cms-core is a free open source enterprise content management system. Affected versions of this package are vulnerable to Missing Authorization via the upload for form definition files with mixed-case extensions. An attacker can escalate privileges by uploading maliciously crafted...

8.8 CVSS, 6 AI score, 0.00253 EPSS
Exploits: 0, References: 3
NVD
added 2026/06/09 11:16 a.m., 15 views

CVE-2026-47346

Backend users with file write permissions were able to upload form definition files with mixed-case extensions e.g., .FORM.YAML to bypass the Form Framework's upload restriction. Maliciously crafted form definition files can be used to execute arbitrary SQL statements, allowing attackers to...

7.6 CVSS, 0.00253 EPSS
Exploits: 0, References: 3
Vulnrichment
added 2026/06/09 10:50 a.m., 10 views

CVE-2026-47346 TYPO3 CMS - Broken Access Control in Form Framework

Backend users with file write permissions were able to upload form definition files with mixed-case extensions e.g., .FORM.YAML to bypass the Form Framework's upload restriction. Maliciously crafted form definition files can be used to execute arbitrary SQL statements, allowing attackers to...

7.6 CVSS, 6 AI score, 0.00253 EPSS
Exploits: 0, References: 3
CVE
added 2026/06/09 10:50 a.m., 76 views

CVE-2026-47346

Summary: CVE-2026-47346 affects TYPO3 CMS prior to certain patch versions, where backend users with file write perms can upload form definition files with mixed-case extensions (e.g., .FORM.YAML) to bypass upload restrictions. This can be exploited to execute arbitrary SQL statements and escalate...

7.6 CVSS, 6 AI score, 0.00253 EPSS
Exploits: 0, References: 3
CNNVD
added 2026/06/09 12:0 a.m., 7 views

TYPO3 CMS security vulnerability

TYPO3 CMS is a content management system developed under the TYPO3 open source framework. There is a security vulnerability in TYPO3 CMS, which stems from the upload limit imposed on form definition files. This limit can be bypassed by using mixed uppercase and lowercase file extensions, allowing...

7.6 CVSS, 6 AI score, 0.00253 EPSS
Exploits: 0, References: 2
CNVD
added 2018/12/17 12:0 a.m., 2 views

zzzphp cms arbitrary file deletion vulnerability

zzzphp cms is a PHP-based content management system (CMS). An arbitrary file deletion vulnerability exists in the 'delfile' function of the /admin/save.php file in version 1.5.8 of zzzphp cms, which allows a remote attacker to delete files with the help of a mixed upper and lower case extension and...

7.5 CVSS, 7.1 AI score, 0.01388 EPSS
Exploits: 1, References: 1