Lucene search
TYPO3 AssociationTYPO3-EXT-SA-2020-014HistoryJul 28, 2020 - 12:00 a.m.
Sensitive Information Disclosure in extension "Media Content Element" (mediace)
2020-07-2800:00:00
TYPO3 Association
typo3.org
8
0.115 Low
EPSS
Percentile
95.3%
It has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message authentication code (HMAC-SHA1) and can lead to various attack chains as described below.
Related
github
github
Potential Remote Code Execution in TYPO3 with mediace extension
2020-07-29 16:15:12
Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS
2020-07-29 16:15:19
Exposure of Sensitive Information to an Unauthorized Actor in TYPO3 CMS
2020-07-29 16:15:32
osv
osv
Potential Remote Code Execution in TYPO3 with mediace extension
2020-07-29 16:15:12
Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS
2020-07-29 16:15:19
CVE-2020-15086
2020-07-29 17:15:13
typo3
typo3
Critical vulnerability in legacy versions of TYPO3 CMS
2020-07-28 00:00:00
Sensitive Information Disclosure
2020-07-28 00:00:00
Missing Access Check in TYPO3 CMS
2016-05-24 00:00:00
prion
prion
Design/Logic Flaw
2020-07-29 17:15:00
Remote code execution
2020-07-29 17:15:00
Deserialization of untrusted data
2017-01-23 21:59:00
nvd
nvd
friendsofphp
friendsofphp
TYPO3-CORE-SA-2020-007: Potential Privilege Escalation
2020-07-28 08:18:30
veracode
veracode
Remote Code Execution (RCE)
2020-07-30 04:30:14
Remote Code Execution
2020-08-03 06:13:19
cvelist
cvelist
CVE-2016-5091
2017-01-23 21:00:00
cve
cve
openvas
openvas
freebsd
freebsd
typo3 -- Missing access check in Extbase
2016-05-24 00:00:00
typo3 -- multiple vulnerabilities
2020-07-28 00:00:00
nessus
nessus
ubuntucve
ubuntucve
CVE-2016-5091
2017-01-23 00:00:00
CVE-2020-15099
2020-07-29 00:00:00