CVE-2005-4875Sensitive Information Exposure in CMS

CWE-200Sensitive Information Exposure4 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.1%
top 65.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Typo3 CMSTypo3
Timeline
PublishedDec 31
Latest updateMay 1

Description

TYPO3 3.8.0 and earlier allows remote attackers to obtain sensitive information via a direct request to misc/phpcheck/, which invokes the phpinfo function and prints values of unspecified environment variables.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

Packagisttypo3/cms< 3.8.1
NVDtypo3/typo33.8.0+2

🔴Vulnerability Details

3
GHSA
TYPO3 Reveals Sensitive Information via Direct Request to `misc/phpcheck/`2022-05-01
OSV
TYPO3 Reveals Sensitive Information via Direct Request to `misc/phpcheck/`2022-05-01
CVEList
CVE-2005-4875: TYPO3 32008-05-19
CVE-2005-4875 — Sensitive Information Exposure in CMS | cvebase