It has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message authentication code (HMAC-SHA1) and can lead to various attack chains as described below.

CPENameOperatorVersion
typo3 cmsge6.2.16
typo3 cmsle6.2.51

CPE	Name	Operator	Version
	typo3 cms	ge	6.2.16
	typo3 cms	le	6.2.51

github 4

typo3 4

osv 8

prion 3

nvd 3

friendsofphp 4

veracode 2

cvelist 3

cve 3

openvas 2

nessus 2

ubuntucve 2

freebsd 2

github

Potential Remote Code Execution in TYPO3 with mediace extension

2020-07-29 16:15:12

Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS

2020-07-29 16:15:19

Exposure of Sensitive Information to an Unauthorized Actor in TYPO3 CMS

2020-07-29 16:15:32

typo3

Sensitive Information Disclosure in extension "Media Content Element" (mediace)

2020-07-28 00:00:00

Sensitive Information Disclosure

2020-07-28 00:00:00

Missing Access Check in TYPO3 CMS

2016-05-24 00:00:00

osv

Potential Remote Code Execution in TYPO3 with mediace extension

2020-07-29 16:15:12

Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS

2020-07-29 16:15:19

CVE-2020-15086

2020-07-29 17:15:13

prion

Design/Logic Flaw

2020-07-29 17:15:00

Remote code execution

2020-07-29 17:15:00

Deserialization of untrusted data

2017-01-23 21:59:00

nvd

CVE-2020-15086

2020-07-29 17:15:13

CVE-2020-15099

2020-07-29 17:15:13

CVE-2016-5091

2017-01-23 21:59:01

friendsofphp

Sensitive Information Disclosure in extension "Media Content Element" (mediace)

2020-07-16 07:31:32

Sensitive Information Disclosure in extension "Media Content Element" (mediace)

2020-07-16 07:31:32

TYPO3-CORE-SA-2020-007: Potential Privilege Escalation

2020-07-28 08:18:30

veracode

Remote Code Execution (RCE)

2020-07-30 04:30:14

Remote Code Execution

2020-08-03 06:13:19

cvelist

CVE-2020-15086 Potential Remote Code Execution in TYPO3 with mediace extension

2020-07-29 16:15:30

CVE-2016-5091

2017-01-23 21:00:00

CVE-2020-15099 Exposure of Sensitive Information to an Unauthorized Actor in TYPO3 CMS

2020-07-29 16:15:15

cve

CVE-2020-15086

2020-07-29 17:15:13

CVE-2020-15099

2020-07-29 17:15:13

CVE-2016-5091

2017-01-23 21:59:01

openvas

TYPO3 Extbase RCE Vulnerability (TYPO3-CORE-SA-2016-013)

2017-01-25 00:00:00

TYPO3 9.0.0 < 9.5.20, 10.0.0 < 10.4.6 Multiple Vulnerabilities (TYPO3-CORE-SA-2020-007, TYPO3-CORE-SA-2020-008)

2020-07-30 00:00:00

nessus

FreeBSD : typo3 -- Missing access check in Extbase (3caf4e6c-4cef-11e6-a15f-00248c0c745d)

2016-07-20 00:00:00

FreeBSD : typo3 -- multiple vulnerabilities (eab964f8-d632-11ea-9172-4c72b94353b5)

2020-08-06 00:00:00

ubuntucve

CVE-2016-5091

2017-01-23 00:00:00

CVE-2020-15099

2020-07-29 00:00:00

freebsd

typo3 -- Missing access check in Extbase

2016-05-24 00:00:00

typo3 -- multiple vulnerabilities

2020-07-28 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.115 Low

EPSS

Percentile

95.3%

JSON

Related for TYPO3-PSA-2020-001