typo3/cms is vulnerable to insecure cryptography. The vulnerability exists because it was possible to generate arbitrary checksums that allows the injection of arbitrary data.
github.com/TYPO3/TYPO3.CMS/commit/85d3e70dff35a99ef53f4b561114acfa9e5c47e1
github.com/TYPO3/TYPO3.CMS/commit/d2842eb11a338f69f79f744fa050d475d4c0fda3
github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-m5vr-3m74-jwxp
typo3.org/security/advisory/typo3-core-sa-2016-013
typo3.org/security/advisory/typo3-core-sa-2020-008