cbcvebase.
CVE-2010-3714
published 2010-10-25

Priority: P3 · 54 · high · 7.1 · CVSS 2.0
AV:N/AC:M/Au:N/C:C/I:N/A:N
EXPLOIT
EPSS: 24.56% · 97.6th percentile

The jumpUrl (aka access tracking) implementation in tslib/class.tslib_fe.php in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly compare certain hash values during access-control decisions, which allows remote attackers to read arbitrary files via unspecified vectors.

Affected

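37 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|--------|---------|---------------|----------|
| typo3 | cms | >= 4.2.0 < 4.2.15 | 4.2.15 |
| typo3 | cms | >= 4.2.0 < 4.2.16 | 4.2.16 |
| typo3 | cms | >= 4.3.0 < 4.3.7 | 4.3.7 |
| typo3 | cms | >= 4.3.0 < 4.3.9 | 4.3.9 |
| typo3 | cms | >= 4.4.0 < 4.4.4 | 4.4.4 |
| typo3 | cms | >= 4.4.0 < 4.4.5 | 4.4.5 |
| typo3 | typo3 | | |
| typo3 | typo3 | | |
| typo3 | typo3 | | |
| typo3 | typo3 | | |
| typo3 | typo3 | | |
| typo3 | typo3 | | |
| typo3 | typo3 | | |
| typo3 | typo3 | | |
| typo3 | typo3 | | |
| typo3 | typo3 | | |
| typo3 | typo3 | | |
| typo3 | typo3 | | |
| typo3 | typo3 | | |
| typo3 | typo3 | | |
| typo3 | typo3 | | |
| typo3 | typo3 | | |
| typo3 | typo3 | | |
| typo3 | typo3 | | |
| typo3 | typo3 | | |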

CVSS provenance

nvd · v2.0 · 7.1 · HIGH · AV:N/AC:M/Au:N/C:C/I:N/A:N
ghsa · 7.1 · HIGH
osv · 7.1 · HIGH