Broken Access Control in Import Module
It has been discovered that the Import/Export module is susceptible to broken access control. Regular backend users have access to import functionality which is usually only available to admin users or users having User TSconfig setting options.impexp.enableImportForNonAdminUser explicitly enable...
Security Misconfiguration in Frontend Session Handling
It has been discovered that session data of properly authenticated and logged in frontend users is kept and transformed into an anonymous user session during the logout process. This way the next user using the same client application gains access to previous session data...
By-passing protection of Phar Stream Wrapper Interceptor
Insecure deserialization is a vulnerability which occurs when untrusted data is used to abuse the logic of an application. In July 2018, the vulnerability of insecure deserialization when executing Phar archives was addressed by removing the known attack vector in the TYPO3 core. For more details...
By-passing protection of Phar Stream Wrapper Interceptor
Insecure deserialization is a vulnerability which occurs when untrusted data is used to abuse the logic of an application. In July 2018, the vulnerability of insecure deserialization when executing Phar archives was addressed by removing the known attack vector in the TYPO3 core. For more details...
SQL Injection in extension "Event Calender" (pits_wd_calender)
The extension fails to properly sanitize user input and is susceptible to SQL Injection...
Arbitrary file Upload in extension "Yet Another Gallery" (yag)
The extension contains the 3rd party component “Uploadify”, which includes a demo script for uploading files with the file extensions “jpg”, “jpeg”, “gif” and “png” to the server. Also, a demo script is present, which allows to check for the existence of a given filename...
Cross-Site Scripting in Fluid Engine
It has been discovered that the Fluid Engine package typo3fluid/fluid is vulnerable to cross-site scripting when making use of the ternary conditional operator in templates like the following...
Security Misconfiguration since TYPO3 9.4.0
Salted Passwords was bundled in TYPO3 as ext:saltedpasswords and got merged with the core component ext:core with TYPO3 v9.4.0 (see documentation of issue 85833)...
SQL Injection in extension "Faceted Search" (ke_search)
The extension fails to properly sanitize user input and is susceptible to SQL Injection...
Possible Arbitrary Code Execution in Image Processing
Image processing, e.g. for generating thumbnails, is actually delegated to ImageMagick or GraphicsMagick for the low-level processing. Whenever ImageMagick is invoked in order to convert data the mime-type of the source is identified for invoking according coders when reading data. In case an...
Cross Site Scripting in extension "Instagram" (ws_instagram)
The extension fails to properly encode user input for output in HTML context...
Open Redirect in extension "Hairu" (hairu)
The extension fails to validate user input for the parameter “redirecturl”, which allows a redirect to an arbitrary URL after a successful user login...
Information Disclosure in User Authentication
It has been discovered that login failures have been logged on the default stream with log level "warning" including plain-text user credentials...
Security Misconfiguration in User Session Handling
When users change their password existing sessions for that particular user account are not revoked. A valid backend or frontend user account is required in order to make use of this vulnerability...
Cross Site Scripting in extension "gkh RSS Import" (gkh_rss_import)
The extension fails to properly encode user input for output in HTML context...
Cross-Site Scripting in Bootstrap CSS toolkit before 3.4.1 and 4.3.0
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, cross-site scripting is possible in the tooltip or popover data-template attribute...
Cross-Site Scripting in jQuery before 3.4.0
jQuery before 3.4.0 mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype...
Information Disclosure in Page Tree
It has been discovered that backend users not having read access to specific pages still could see them in the page tree which actually should be disallowed. A valid backend user account is needed in order to exploit this vulnerability...
Multiple vulnerabilities in extension "phpMyAdmin" (phpmyadmin)
Multiple vulnerabilities have been found in the phpMyAdmin component...
Remote Code Execution in extension "ImageOptimizer" (imageoptimizer)
The extension fails to validate arguments passed to a shell command resulting in Remote Code Execution. The issue is only exploitable if an attacker is able to upload files directly (e.g. via SFTP or FTP) to the filesystem...
SQL Injection in extension "comsolit Suggest" (comsolit_suggest)
The extension fails to properly sanitize user input and is susceptible to SQL Injection...
Cross-Site Scripting in Form Framework
Failing to properly encode user input, frontend forms handled by the form framework system extension “form” are vulnerable to cross-site scripting...
Cross-Site Scripting in Flash component (ELTS)
It has been discovered that the third party component websvg is vulnerable to cross-site scripting. A browser with Flash plugin installed is needed in order to exploit this vulnerability...
Multiple vulnerabilities in extension "phpMyAdmin" (phpmyadmin)
Multiple vulnerabilities have been found in the phpMyAdmin component...
Multiple vulnerabilities in extension "typo3_forum" (typo3_forum)
The extension fails to properly check User Access Rights to posts which makes it possible for registered forum users to modify and take over posts of foreign users. The extension also creates an upload directory with 777 permissions...
Security Misconfiguration for Backend User Accounts
When using the TYPO3 backend in order to create new backend user accounts, database records containing insecure or empty credentials might be persisted. When the type of user account is changed - which might be entity type or the admin flag for backend users - the backend form is reloaded in orde...
Broken Access Control in Localization Handling
It has been discovered that backend users having limited access to specific languages are capable of modifying and creating pages in the default language which actually should be disallowed. A valid backend user account is needed in order to exploit this vulnerability...
Cross-Site Scripting in Bootstrap CSS toolkit
It has been discovered that the third party library Bootstrap CSS toolkit is vulnerable to cross-site scripting. Details are mentioned in a dedicated vulnerability report at...
Information Disclosure of Installed Extensions
It has been discovered that mechanisms used for configuration of RequireJS package loading are susceptible to information disclosure. This way a potential attack can retrieve additional information about installed system and third party extensions...
Object Injection in extension "mkmailer" (mkmailer)
It was discovered that included 3rd party library PHPMailer is prone to a PHP object injection vulnerability, potentially allowing a remote attacker to execute arbitrary code...
Cross-Site Scripting in Language Pack Handling
Failing to properly encode information from external sources, language pack handling in the install tool is vulnerable to cross-site scripting...
Arbitrary Code Execution via File List Module
Due to missing file extensions in $GLOBALS['TYPO3_CONF_VARS']['BE']['fileDenyPattern'], backend users are allowed to upload .phar, .shtml, .pl or .cgi files which can be executed in certain web server setups. A valid backend user account is needed in order to exploit this vulnerability...
Cross-Site Scripting in Fluid ViewHelpers
Failing to properly encode user input, templates using built-in Fluid ViewHelpers are vulnerable to cross-site scripting...
Multiple vulnerabilities in extension "femanager" (femanager)
It is possible to bypass configured server side validation rules which allows an attacker to create frontend user records with invalid data. Also, the eID script allows an attacker to set various validators using GET parameters resulting in information disclosure of field values from the fe_users...
Cross-Site Scripting in CKEditor
It has been discovered that the third party library CKEditor is vulnerable to cross-site scripting. A valid backend user account is needed in order to exploit this vulnerability...
Cross-Site Scripting in Backend Modal Component
Failing to properly encode user input, notifications shown in modal windows in the TYPO3 backend are vulnerable to cross-site scripting. A valid backend user account is needed in order to exploit this vulnerability...
Security Misconfiguration in Install Tool Cookie
It has been discovered that cookies created in the Install Tool are not hardened to be submitted only via HTTP. In combination with other vulnerabilities such as cross-site scripting it can lead to hijacking an active and valid session in the Install Tool...
Cross-Site Scripting in Frontend User Login
Failing to properly encode user input, login status display is vulnerable to cross-site scripting in the website frontend. A valid user account is needed in order to exploit this vulnerability - either a backend user or a frontend user having the possibility to modify their user profile...
Denial of Service in Online Media Asset Handling
Online Media Asset Handling (.youtube and .vimeo files) in the TYPO3 backend is vulnerable to denial of service. Putting large files with according file extensions results in high consumption of system resources. This can lead to exceeding limits of the current PHP process which results in a...
Cross-Site Scripting in Online Media Asset Rendering
Failing to properly encode user input, online media asset rendering (.youtube and .vimeo files) is vulnerable to cross-site scripting. A valid backend user account or write access on the server system (e.g. SFTP) is needed in order to exploit this vulnerability...
Denial of Service in Frontend Record Registration
TYPO3’s built-in record registration functionality (aka “basic shopping cart”) using recs URL parameters is vulnerable to denial of service. Failing to properly ensure that anonymous user sessions are valid, attackers can use this vulnerability in order to create an arbitrary amount of individual...
Information Disclosure in Install Tool
The Install Tool exposes the current TYPO3 version number to non-authenticated users...
Cross-Site Scripting in extension "libconnect" (libconnect)
The extension fails to properly encode user input for output in HTML context...
Environment Variable Injection in extension "Amazon AWS S3 FAL driver (CDN)" (aus_driver_amazon_s3)
The extension uses an old version of the third party library guzzlehttp/guzzle, which is known to be vulnerable against the HTTPOXY attack. Read or for further details...
Environment Variable Injection in extension "AWS SDK for PHP" (aws_sdk_php)
The extension uses an old version of the third party library guzzlehttp/guzzle, which is known to be vulnerable against the HTTPOXY attack. Read or for further details...
Captcha bypass in extension "Front End User Registration" (sr_feuser_register)
When the extension is used together with the TYPO3 extension sr_freecap, it is possible to bypass the captcha in the registration form...
Cross-Site Scripting in extension "Heise Shariff" (rx_shariff)
The extension fails to properly encode user input for output in HTML context...
Cross-site scripting vulnerability in extension "Powermail" (powermail)
The extension uses \TYPO3\CMS\Core\Utility\GeneralUtility::removeXSS, which is known to be vulnerable to XSS...
Missing Access Check in extension "Register to tt_address" (registeraddress)
Due to a missing access check, it is possible to delete certain tt_address records...
Environment Variable Injection in extension "Amazon Web Services SDK " (aws_sdk)
The extension uses an old version of the third party library guzzlehttp/guzzle, which is known to be vulnerable against the HTTPOXY attack. Read or for further details...