5 matches found
TYPO3 Licensing Issue Vulnerability (CNVD-2022-17968)
TYPO3 is a free and open source content management system and framework (CMS/CMF) from the Swiss TYPO3 Association. TYPO3 has a licensing issue vulnerability that stems from broken access control in the extension-bound media browser, which could be exploited by an attacker to execute a request to th...
Authorization
An issue was discovered in the pixxio aka pixx.io integration or DAM extension before 1.0.6 for TYPO3. The Access Control in the bundled media browser is broken, which allows an unauthenticated attacker to perform requests to the pixx.io API for the configured API user. This allows an attacker to...
CVE-2021-43563
An issue was discovered in the pixxio aka pixx.io integration or DAM extension before 1.0.6 for TYPO3. The Access Control in the bundled media browser is broken, which allows an unauthenticated attacker to perform requests to the pixx.io API for the configured API user. This allows an attacker to...
CVE-2021-43562
The CVE-2021-43562 entry concerns the TYPO3 pixx.io integration (DAM) extension in versions before 1.0.6. The vulnerability is a server-side request forgery (SSRF) caused by insufficient restriction of image downloads to the configured pixx.io DAM URL, enabling an attacker to fe...
Multiple vulnerabilities in extension "pixx.io integration for TYPO3 (DAM)" (pixxio)
The extension fails to restrict the image download to the configured pixx.io DAM URL, resulting in server-side request forgery. As a result of the server-side request forgery vulnerability, an attacker can download various content from a remote location and save it to a user-controlled filename...