5 matches found
GHSA-GWFX-P7MR-F92V Missing Access Check in TYPO3 CMS
Extbase request handling fails to implement a proper access check for requested controller/action combinations, which makes it possible for an attacker to execute arbitrary Extbase actions by crafting a special request. To successfully exploit this vulnerability, an attacker must have access to ...
Remote Code Execution (RCE)
typo3/cms is vulnerable to insecure cryptography. During installation with the mediace extension, the vulnerability exists because it was possible to generate arbitrary checksums that allow the injection of arbitrary data, allowing an attacker with at least one Extbase plugin or module action to...
CVE-2020-15086
In TYPO3 installations with the "mediace" extension from version 7.6.2 and before version 7.6.5, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows injecting arbitrary data having a valid cryptographic message authentication code...
Pluck Arbitrary Code Execution Vulnerability
Pluck is a content management system (CMS) developed using the PHP language. A security vulnerability exists in Pluck version 4.7.9-dev1. The vulnerability can be exploited to execute arbitrary code by uploading a ZIP archive file with the action=installmodule URL...
FineCms SQL Injection Vulnerability (CNVD-2017-18530)
FineCMS is a content management system (CMS) developed using MVC architecture and PDO database interface. A SQL injection vulnerability exists in FineCms version 5.0.9. A remote attacker can inject arbitrary SQL commands with the help of the 'field' parameter in an action=module, action=member,...