cbcvebase.
CVE-2009-0258
published 2009-01-22

CVE-2009-0258: The Indexed Search Engine (indexed_search) system extension in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers…

PriorityP350critical10CVSS 2.0
AVNACLAuNCCICAC
EPSS
3.31%
87.0th percentile
The Indexed Search Engine (indexed_search) system extension in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to execute arbitrary commands via a crafted filename containing shell metacharacters, which is not properly handled by the command-line indexer.

Affected

25 ranges
VendorProductVersion rangeFixed in
typo3cms>= 4.0.0 < 4.0.104.0.10
typo3cms>= 4.1.0 < 4.1.84.1.8
typo3cms>= 4.2.0 < 4.2.44.2.4
typo3typo3
typo3typo3
typo3typo3
typo3typo3
typo3typo3
typo3typo3
typo3typo3
typo3typo3
typo3typo3
typo3typo3
typo3typo3
typo3typo3
typo3typo3
typo3typo3
typo3typo3
typo3typo3
typo3typo3
typo3typo3
typo3typo3
typo3typo3
typo3typo3
typo3typo3
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.