3 matches found
Code Injection
typo3/cms-core is vulnerable to Code Injection. The vulnerability is due to improper validation of settings within the Install Tool when configuring the path to system binaries. This vulnerability is only exploitable by an administrator-level backend user with system maintainer permissions...
CVE-2024-25119 Information Disclosure of Encryption Key in TYPO3 Install Tool
TYPO3 is an open source PHP based web content management system released under the GNU GPL. The plaintext value of $GLOBALS'SYS''encryptionKey' was displayed in the editing forms of the TYPO3 Install Tool user interface. This allowed attackers to utilize the value to generate cryptographic hashes...
TYPO3 Install Tool vulnerable to Code Execution
Problem Several settings in the Install Tool for configuring the path to system binaries were vulnerable to code execution. Exploiting this vulnerability requires an administrator-level backend user account with system maintainer permissions. The corresponding change for this advisory involves...