Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-3714 — Improper Access Control in CMS

CWE-264 CWE-284 — Improper Access Control CWE-20 — Improper Input Validation CWE-22 — Path Traversal6 documents5 sources

Severity

7.1HIGHNVD

EPSS

35.5%

top 2.93%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Typo3 CMS Typo3

Timeline

PublishedOct 25

Latest updateMay 17

Description

The jumpUrl (aka access tracking) implementation in tslib/class.tslib_fe.php in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly compare certain hash values during access-control decisions, which allows remote attackers to read arbitrary files via unspecified vectors.

CVSS vector

AV:N/AC:M/C:C/I:N/A:NExploitability: 8.6 | Impact: 6.9

Affected Packages2 packages

▶Packagisttypo3/cms4.2.0 — 4.2.15+2

▶NVDtypo3/typo326 versions+25

Patches

Patch: typo3.org ↗Patch: typo3.org ↗

🔴Vulnerability Details

OSV

TYPO3 Remote File Disclosure vulnerability in the jumpUrl mechanism↗2022-05-17

▶

GHSA

TYPO3 Remote File Disclosure vulnerability in the jumpUrl mechanism↗2022-05-17

▶

GHSA

TYPO3 Path Traversal vulnerability↗2022-05-17

▶

CVEList

CVE-2010-3714: The jumpUrl (aka access tracking) implementation in tslib/class↗2010-10-25

▶

💥Exploits & PoCs

Exploit-DB

TYPO3 - Arbitrary File Retrieval↗2010-12-29

▶