TYPO3 CMS vulnerabilities
115 known vulnerabilities affecting typo3/cms.
Total CVEs: 115
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: CRITICAL 4, HIGH 28, MEDIUM 72, LOW 11
Vulnerabilities
Page 1 of 6
CVE-2010-3714 | P3 | HIGH | PoC | ≥ 4.2.0, < 4.2.15; ≥ 4.3.0, < 4.3.7; +1 more | 2022-05-17
CVE-2010-3714 [HIGH] CWE-284 TYPO3 Remote File Disclosure vulnerability in the jumpUrl mechanism
The jumpUrl (aka access tracking) implementation in `tslib/class.tslib_fe.php` in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly compare certain hash values during access-control decisions, which allows remote attackers to read arbitrary files via unspecified vectors.
ghsa, osv

CVE-2009-0815 | P3 | MEDIUM | PoC | ≥ 3.3, < 4.0.12; ≥ 4.1, < 4.1.10; +1 more | 2022-05-02
CVE-2009-0815 [MEDIUM] CWE-200 TYPO3 leaks a hash secret in an error message
The jumpUrl mechanism in class.tslib_fe.php in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 leaks a hash secret (juHash) in an error message, which allows remote attackers to read arbitrary files by including the hash in a request.
ghsa, osv

CVE-2010-5099 | P3 | HIGH | CVSS 7.1 | PoC | ≥ 4.2.0, < 4.2.16; ≥ 4.3.0, < 4.3.9; +1 more | 2022-05-17
CVE-2010-5099 [HIGH] CWE-20 TYPO3 Path Traversal vulnerability
The fileDenyPattern functionality in the PHP file inclusion protection API in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly filter file types, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files, as demonstrated using path traversal sequences with %00 null bytes and CVE-2010-3714 to read the TYPO3 encryption k
ghsa, osv

CVE-2020-15098 | P2 | HIGH | CVSS 8.1 | ≥ 10.0.0, < 10.4.6; ≥ 9.0.0, < 9.5.20 | 2020-07-29
CVE-2020-15098 [HIGH] CWE-20 Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C` (8.2)
> * CWE-325, CWE-20, CWE-200, CWE-502
### Problem
It has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data
ghsa, osv

CVE-2020-11066 | P3 | HIGH | ≥ 10.0.0, < 10.4.2; ≥ 9.0.0, < 9.5.17 | 2020-05-13
CVE-2020-11066 [HIGH] CWE-1321 Class destructors causing side-effects when being unserialized in TYPO3 CMS
Calling unserialize() on malicious user-submitted content can result in the following scenarios:
- trigger deletion of arbitrary directory in file system (if writable for web server)
- trigger message submission via email using identity of web site (mail relay)
Another insecure deserialization vulnerability is req
ghsa, osv

CVE-2011-4628 | P3 | CRITICAL | ≥ 0, < 4.3.12; ≥ 4.4.0, < 4.4.9; +1 more | 2022-04-22
CVE-2011-4628 [CRITICAL] CWE-287 Typo3 Authentication Bypass
TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to bypass authentication mechanisms in the backend through a crafted request.
ghsa, osv

CVE-2017-14251 | P3 | HIGH | ≥ 7.6.0, < 7.6.22; ≥ 8.0.0, < 8.7.5 | 2022-05-17
CVE-2017-14251 [HIGH] CWE-434 TYPO3 Arbitrary Code Execution
Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code.
ghsa, osv

CVE-2020-11067 | P3 | HIGH | ≥ 10.0.0, < 10.4.2; ≥ 9.0.0, < 9.5.17 | 2020-05-13
CVE-2020-11067 [HIGH] CWE-502 Insecure Deserialization in Backend User Settings in TYPO3 CMS
It has been discovered that backend user settings (in $BE_USER->uc) are vulnerable to insecure deserialization. In combination with vulnerabilities of 3rd party components this can lead to remote code execution. A valid backend user account is needed to exploit this vulnerability.
Update to TYPO3 versions 9.5.17 or 10.4.2 that fix the probl
ghsa, osv

CVE-2020-15099 | P3 | HIGH | ≥ 10.0.0, < 10.4.6; ≥ 9.0.0, < 9.5.20 | 2020-07-29
CVE-2020-15099 [HIGH] CWE-20 Exposure of Sensitive Information to an Unauthorized Actor in TYPO3 CMS
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C` (7.5)
> * CWE-20, CWE-200
### Problem
In case an attacker manages to generate a valid cryptographic message authentication code (HMAC-SHA1) - either by using a different existing vulnerability or in case the internal _encryptionKey_ was expose
ghsa, osv

CVE-2021-21355 | P3 | HIGH | ≥ 10.0.0, < 10.4.14; ≥ 11.0.0, < 11.1.1; +1 more | 2021-03-23
CVE-2021-21355 [HIGH] CWE-434 Unrestricted File Upload in Form Framework
### Problem
Due to the lack of ensuring file extensions belong to configured allowed mime-types, attackers can upload arbitrary data with arbitrary file extensions - however, default _fileDenyPattern_ successfully blocked files like _.htaccess_ or _malicious.php_.
TYPO3 Extbase extensions, which implement a file upload and do not implement a custom _TypeConverter_ to transform up
ghsa, osv

CVE-2022-23503 | P3 | HIGH | ≥ 10.0.0, < 10.4.33; ≥ 11.0.0, < 11.5.20; +1 more | 2022-12-13
CVE-2022-23503 [HIGH] CWE-94 TYPO3 CMS vulnerable to Arbitrary Code Execution via Form Framework
### Problem
Due to the lack of separating user-submitted data from the internal configuration in the Form Designer backend module, it was possible to inject code instructions to be processed and executed via TypoScript as PHP code.
The existence of individual TypoScript instructions for a particular form item (known as [`formDefini
ghsa, osv

CVE-2009-0258 | P3 | HIGH | ≥ 4.0.0, < 4.0.10; ≥ 4.1.0, < 4.1.8; +1 more | 2022-05-02
CVE-2009-0258 [HIGH] CWE-20 Indexed Search Engine for TYPO3 Command Execution via Metacharacter Injection
The Indexed Search Engine (indexed_search) system extension in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to execute arbitrary commands via a crafted filename containing shell metacharacters, which is not properly handled by the command-line indexer.
ghsa, osv

CVE-2021-21357 | P3 | HIGH | ≥ 10.0.0, < 10.4.14; ≥ 11.0.0, < 11.1.1; +1 more | 2021-03-23
CVE-2021-21357 [HIGH] CWE-20 Broken Access Control in Form Framework
### Problem
Due to improper input validation, attackers can by-pass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form Framework.
In the default configuration of the Form Framework this allows attackers to explicitly allow arbitrary mime-types for file uploads - however, default _fileDenyPattern_ successfully blocked files like _
ghsa, osv

CVE-2019-11832 | P3 | HIGH | ≥ 8.0.0, < 8.7.25; ≥ 9.0.0, < 9.5.6 | 2022-05-24
CVE-2019-11832 [HIGH] CWE-20 TYPO3 Image Processing susceptible to Code Execution
TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 is susceptible to remote code execution because it does not properly configure the applications used for image processing, as demonstrated by ImageMagick or GraphicsMagick.
For a successful exploit, the GhostScript binary `gs` must be available on the server system.
ghsa, osv

CVE-2019-12747 | P3 | HIGH | ≥ 8.0.0, < 8.7.27; ≥ 9.0.0, < 9.5.8 | 2022-05-24
CVE-2019-12747 [HIGH] CWE-502 TYPO3 Vulnerable to Insecure Deserialization
TYPO3 8.x through 8.7.26 and 9.x through 9.5.7 allows Deserialization of Untrusted Data.
ghsa, osv

CVE-2011-3583 | P3 | CRITICAL | ≥ 4.5.0, ≤ 4.5.5 | 2022-04-22
CVE-2011-3583 [CRITICAL] CWE-89 Typo3 SQL injection due to faulty prepared statements
It was found that Typo3 Core versions 4.5.0 - 4.5.5 use prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input.
ghsa, osv

CVE-2019-19849 | P3 | HIGH | ≥ 10.0.0, < 10.2.1; ≥ 8.0.0, < 8.7.30; +1 more | 2022-05-24
CVE-2019-19849 [HIGH] CWE-502 TYPO3 Insecure Deserialization in Query Generator & Query View
An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the classes QueryGenerator and QueryView are vulnerable to insecure deserialization. One exploitable scenario requires having the system extension ext:lowlevel (Backend Module: DB Check) installed, with a valid backend user
ghsa, osv

CVE-2022-36104 | P3 | HIGH | CVSS 7.5 | ≥ 11.4.0, < 11.5.16 | 2022-09-16
CVE-2022-36104 [HIGH] CWE-770 TYPO3 CMS vulnerable to Denial of Service in Page Error Handling
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C` (5.5)
### Problem
Requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as an error message from another page. This leads to a scenario in which the application is calling itsel
ghsa, osv

CVE-2022-23500 | P3 | HIGH | CVSS 7.5 | ≥ 10.0.0, < 10.4.33; ≥ 11.0.0, < 11.5.20 | 2022-12-13
CVE-2022-23500 [HIGH] CWE-405 TYPO3 CMS vulnerable to Denial of Service in Page Error Handling
### Problem
Requesting invalid or non-existing resources via HTTP triggers the page error handler, which again could retrieve content to be shown as an error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web
ghsa, osv

CVE-2021-21339 | P3 | MEDIUM | ≥ 10.0.0, < 10.4.14; ≥ 11.0.0, < 11.1.1; +1 more | 2021-03-23
CVE-2021-21339 [MEDIUM] CWE-312 Cleartext storage of session identifier
### Problem
User session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system.
### Solution
Update to TYPO3 versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 t
ghsa, osv