Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:38493
HistoryDec 15, 2022 - 6:24 a.m.

Arbitrary Code Execution

2022-12-1506:24:38
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
15
arbitrary code
execution
vulnerable
typoscript
php
configuration
form designer
backend module

EPSS

0.001

Percentile

39.0%

typo3/cms and typo3/cms-core are vulnerable to arbitrary code execution. An attacker is able to inject and execute malicious TypoScript as PHP code due to the lack of separating user-submitted data from the internal configuration in the Form Designer backend module.