473 matches found
Multiple vulnerabilities in extension "phpMyAdmin" (phpmyadmin)
Multiple vulnerabilities have been found in the phpMyAdmin component...
Multiple vulnerabilities in extension "Event management and registration" (sf_event_mgt)
A missing access check in the backend module allows an authenticated backend user to export participant data for events which the user does not have access to, resulting in Information Disclosure...
Information Disclosure in extension "Localization Manager" (l10nmgr)
A missing access check allows an authenticated backend user to view and export data of translatable fields which are outside of the user's access scope, resulting in Information Disclosure...
Cross-Site Scripting in extension "Kitodo.Presentation" (dlf)
The extension fails to properly encode user input for output in HTML context. In addition, the extension also includes jQuery 3.4.1 which is known to be vulnerable against Cross Site Scripting...
Critical vulnerability in legacy versions of TYPO3 CMS
It has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows injecting arbitrary data with a valid cryptographic message authentication code (HMAC-SHA1) and can lead to various attack chains as described below...
Sensitive Information Disclosure
It has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows injecting arbitrary data with a valid cryptographic message authentication code (HMAC-SHA1) and can lead to various attack chains as described below...
Sensitive Information Disclosure in extension "Media Content Element" (mediace)
It has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows injecting arbitrary data with a valid cryptographic message authentication code (HMAC-SHA1) and can lead to various attack chains as described below...
Potential Privilege Escalation
In case an attacker manages to generate a valid cryptographic message authentication code HMAC-SHA1 - either by using a different existing vulnerability or in case the internal encryptionKey was exposed - it is possible to retrieve arbitrary files of a TYPO3 installation. This includes the...
Remote Code Execution in extension "Turn!" (turn)
The extension fails to sanitize user input, resulting in Remote Code Execution. The issue is only exploitable when the attacker has FTP/SFTP access to the TYPO3 website...
Multiple vulnerabilities in extension "mm_forum" (mm_forum)
The extension fails to properly encode user input for output in HTML context. The extension also fails to implement CSRF protection for the update profile plugin...
Cross-Site Scripting in extension "Faceted Search" (ke_search)
The extension fails to properly encode user input for output in HTML context. The issue is only exploitable by backend users with access to indexer- and filter-configurations...
Cross-Site Scripting in extension "Google reCAPTCHA (v2/v3)" (jh_captcha)
The extension fails to properly encode user input for output in HTML context. The issue is only exploitable by backend users with access to TypoScript settings of the extension...
Broken Access Control in extension "typo3_forum" (typo3_forum)
The ACL check of the extension is broken under certain conditions allowing anonymous users to create forum posts although this feature is disabled for anonymous users in the access control list...
Cross-Site Scripting in Form Engine
It has been discovered that HTML placeholder attributes containing data of other database records are vulnerable to cross-site scripting. A valid backend user account is needed to exploit this vulnerability...
SQL Injection in extension "phpMyAdmin" (phpmyadmin)
Multiple vulnerabilities have been found in the phpMyAdmin component...
Information Disclosure in Password Reset
It has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to verify whether a backend user account with a given email address exists or not...
Same-Origin Request Forgery to Backend User Interface
It has been discovered that the backend user interface and install tool are vulnerable to same-origin request forgery. A backend user can be tricked into interacting with a malicious resource an attacker previously managed to upload to the web server - scripts are then executed with the privilege...
Insecure Deserialization in Backend User Settings
It has been discovered that backend user settings in $BE_USER->uc are vulnerable to insecure deserialization. In combination with vulnerabilities of 3rd party components this can lead to remote code execution. A valid backend user account is needed to exploit this vulnerability...
Cross-Site Scripting in "SVG Sanitizer" (svg_sanitizer)
Slightly invalid or incomplete SVG markup is not correctly processed and thus not sanitized at all. Although the markup is not valid, it is still evaluated in browsers, which can lead to Cross-Site Scripting...
Class destructors causing side-effects when being unserialized
Calling unserialize on malicious user-submitted content can result in the following scenarios:...
Cross-Site Scripting in Link Handling
It has been discovered that link tags generated by typolink functionality are vulnerable to cross-site scripting - properties being assigned as HTML attributes have not been parsed correctly...
Sensitive Data Exposure in extension "Job Fair" (jobfair)
The extension fails to protect or obfuscate filenames of uploaded files. This allows unauthenticated users to download files with sensitive data by simply guessing the filename of uploaded files, e.g. uploads/tx_jobfair/cv.pdf...
Multiple vulnerabilities in extension "Direct Mail" (direct_mail)
Denial of Service (CVE-2020-12697): The extension provides a functionality to log clicks on links in sent newsletters. This functionality does not limit the amount of log entries generated per link, so it is possible to use a valid link to fill the log table with a huge amount of records...
Broken Access Control in extension "gForum" (g_forum)
The extension fails to check access rights of authenticated frontend users, allowing them to create, edit and delete various records of the extension without proper permission...
Remote Code Execution in extension "PHPUnit" (phpunit)
A PHP script located in “src/Util/PHP/eval-stdin.php” can be used to execute arbitrary PHP code in context of the webserver. The vulnerability is only exploitable if the vendor/ directory is publicly accessible...
SQL Injection in extension "phpmyadmin" (phpmyadmin)
Multiple vulnerabilities have been found in the phpMyAdmin component...
Multiple vulnerabilities in extension "Magalone Flipbook for TYPO3" (magaloneflipbook)
An authenticated backend user can use the backend module to upload arbitrary files resulting in Remote Code Execution. Also, the backend module is susceptible to path traversal which allows an authenticated backend user to upload and overwrite files in all locations the webserver has access to...
Cross Site Scripting in extension "File List" (file_list)
The extension fails to properly encode user input for output in HTML context...
CSRF in extension "Change password for frontend users" (fe_change_pwd)
The extension fails to implement CSRF protection for the update password action...
Possible Insecure Deserialization in Extbase Request Handling
It has been discovered that request handling in Extbase can be vulnerable to insecure deserialization. User submitted payload has to be signed with a corresponding HMAC-SHA1 using the sensitive TYPO3 encryptionKey as secret - invalid or unsigned payload is not deserialized...
Multiple vulnerabilities in extension "MKSamlAuth" (mksamlauth)
The extension fails to validate the response from the Identity Provider which allows an attacker to create various frontend users on affected TYPO3 websites...
Cross-Site Scripting in Link Handling
It has been discovered that t3:// URL handling and typolink functionality are vulnerable to cross-site scripting. Not only regular backend forms are affected but also frontend extensions which use the rendering with typolink...
SQL Injection in low-level Query Generator
Failing to properly escape user submitted content, class QueryGenerator is vulnerable to SQL injection...
Directory Traversal on ZIP extraction
It has been discovered that the extraction of manually uploaded ZIP archives in Extension Manager is vulnerable to directory traversal...
Insecure Deserialization in Query Generator & Query View
It has been discovered that classes QueryGenerator and QueryView are vulnerable to insecure deserialization...
Privilege Escalation in extension "femanager direct mail subscription" (femanager_dmail_subscribe)
Failing to properly check access rights, the extension is susceptible to privilege escalation, making it possible for a logged in frontend user to modify other frontend user records...
Cross-Site Scripting Vulnerabilities in File Upload Handling
TYPO3 allows uploading files in the backend user interface as well as in custom developed extensions. To reduce the possibility of uploading potentially malicious code, TYPO3 uses the fileDenyPattern to deny e.g. user submitted PHP scripts from being persisted. Besides that it is possible for an...
CSRF in extension "femanager" (femanager)
The extension fails to implement CSRF protection for edit and delete actions...
Cross-Site Scripting in Filelist Module
It has been discovered that the output table listing in the “Files” backend module is vulnerable to cross-site scripting when a file extension contains malicious sequences...
Cross-Site Scripting in Form Framework validation handling
It has been discovered that the output of field validation errors in the Form Framework is vulnerable to cross-site scripting...
SQL Injection in extension "URL redirect" (url_redirect)
The extension fails to properly sanitize user input and is susceptible to SQL Injection...
Remote Code Execution in extension "freeCap CAPTCHA" (sr_freecap)
The extension fails to sanitize user input, which allows execution of arbitrary Extbase actions, resulting in Remote Code Execution...
Information Disclosure in extension "Direct Mail" (direct_mail)
A missing access check in the backend module of the extension allows a backend user without access to configured tables (e.g. fe_users, tt_address) to view and export data of users subscribed to a newsletter...
Multiple vulnerabilities in extension "SLUB: Event Registration" (slub_events)
The extension allows uploading arbitrary files to the webserver. For versions 1.2.2 and below, this vulnerability results in Remote Code Execution. In versions later than 1.2.2, the vulnerability can result in Denial of Service, since the webspace can be filled up with arbitrary files. The...
Security Misconfiguration in Frontend Session Handling
It has been discovered that session data of properly authenticated and logged in frontend users is kept and transformed into an anonymous user session during the logout process. This way the next user using the same client application gains access to previous session data...
Insecure Deserialization in TYPO3 CMS
It has been discovered that FormEngine and DataHandler are vulnerable to insecure deserialization. A valid backend user account is needed in order to exploit this vulnerability...
Broken Access Control in Import Module
It has been discovered that the Import/Export module is susceptible to broken access control. Regular backend users have access to import functionality which is usually only available to admin users or users having User TSconfig setting options.impexp.enableImportForNonAdminUser explicitly enable...
Information Disclosure in Backend User Interface
The element information component used to display properties of a certain record is susceptible to information disclosure. The list of references from or to the record is not properly checked for the backend user’s permissions. A valid backend user account is needed in order to exploit this...
Cross-Site Scripting in Link Handling
It has been discovered that the t3:// URL handling is vulnerable to cross-site scripting when making use of javascript: or data: scheme in link fields like the following...
Arbitrary Code Execution and Cross-Site Scripting in Backend API
Backend API configuration using Page TSconfig is vulnerable to arbitrary code execution and cross-site scripting. TSconfig fields of page properties in backend forms can be used to inject malicious sequences. Field tsconfig_includes is vulnerable to directory traversal leading to same scenarios as...