cvebase

TYPO3 CMS vulnerabilities

115 known vulnerabilities affecting typo3/cms.

Total CVEs: 115
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: CRITICAL 4, HIGH 28, MEDIUM 72, LOW 11

Vulnerabilities

Page 1 of 6
CVE-2010-3714 | P3 | HIGH | PoC | ≥ 4.2.0, < 4.2.15; ≥ 4.3.0, < 4.3.7; +1 more | 2022-05-17
CVE-2010-3714 [HIGH] CWE-284 TYPO3 Remote File Disclosure vulnerability in the jumpUrl mechanism
The jumpUrl (aka access tracking) implementation in `tslib/class.tslib_fe.php` in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly compare certain hash values during access-control decisions, which allows remote attackers to read arbitrary files via unspecified vectors.
Sources: GHSA, OSV
CVE-2009-0815 | P3 | MEDIUM | PoC | ≥ 3.3, < 4.0.12; ≥ 4.1, < 4.1.10; +1 more | 2022-05-02
CVE-2009-0815 [MEDIUM] CWE-200 TYPO3 leaks a hash secret in an error message
The jumpUrl mechanism in class.tslib_fe.php in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 leaks a hash secret (juHash) in an error message, which allows remote attackers to read arbitrary files by including the hash in a request.
Sources: GHSA, OSV
CVE-2010-5099 | P3 | HIGH | CVSS 7.1 | PoC | ≥ 4.2.0, < 4.2.16; ≥ 4.3.0, < 4.3.9; +1 more | 2022-05-17
CVE-2010-5099 [HIGH] CWE-20 TYPO3 Path Traversal vulnerability
The fileDenyPattern functionality in the PHP file inclusion protection API in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly filter file types, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files, as demonstrated using path traversal sequences with %00 null bytes and CVE-2010-3714 to read the TYPO3 encryption k
Sources: GHSA, OSV
CVE-2020-15098 | P2 | HIGH | CVSS 8.1 | ≥ 10.0.0, < 10.4.6; ≥ 9.0.0, < 9.5.20 | 2020-07-29
CVE-2020-15098 [HIGH] CWE-20 Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C` (8.2)
> * CWE-325, CWE-20, CWE-200, CWE-502

### Problem
It has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data
Sources: GHSA, OSV
CVE-2020-11066 | P3 | HIGH | ≥ 10.0.0, < 10.4.2; ≥ 9.0.0, < 9.5.17 | 2020-05-13
CVE-2020-11066 [HIGH] CWE-1321 Class destructors causing side-effects when being unserialized in TYPO3 CMS
Calling unserialize() on malicious user-submitted content can result in the following scenarios:
- trigger deletion of arbitrary directory in file system (if writable for web server)
- trigger message submission via email using identity of web site (mail relay)
Another insecure deserialization vulnerability is req
Sources: GHSA, OSV
CVE-2011-4628 | P3 | CRITICAL | ≥ 0, < 4.3.12; ≥ 4.4.0, < 4.4.9; +1 more | 2022-04-22
CVE-2011-4628 [CRITICAL] CWE-287 Typo3 Authentication Bypass
TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to bypass authentication mechanisms in the backend through a crafted request.
Sources: GHSA, OSV
CVE-2017-14251 | P3 | HIGH | ≥ 7.6.0, < 7.6.22; ≥ 8.0.0, < 8.7.5 | 2022-05-17
CVE-2017-14251 [HIGH] CWE-434 TYPO3 Arbitrary Code Execution
Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code.
Sources: GHSA, OSV
CVE-2020-11067 | P3 | HIGH | ≥ 10.0.0, < 10.4.2; ≥ 9.0.0, < 9.5.17 | 2020-05-13
CVE-2020-11067 [HIGH] CWE-502 Insecure Deserialization in Backend User Settings in TYPO3 CMS
It has been discovered that backend user settings (in $BE_USER->uc) are vulnerable to insecure deserialization. In combination with vulnerabilities of 3rd party components this can lead to remote code execution. A valid backend user account is needed to exploit this vulnerability. Update to TYPO3 versions 9.5.17 or 10.4.2 that fix the probl
Sources: GHSA, OSV
CVE-2020-15099 | P3 | HIGH | ≥ 10.0.0, < 10.4.6; ≥ 9.0.0, < 9.5.20 | 2020-07-29
CVE-2020-15099 [HIGH] CWE-20 Exposure of Sensitive Information to an Unauthorized Actor in TYPO3 CMS
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C` (7.5)
> * CWE-20, CWE-200

### Problem
In case an attacker manages to generate a valid cryptographic message authentication code (HMAC-SHA1) - either by using a different existing vulnerability or in case the internal _encryptionKey_ was expose
Sources: GHSA, OSV
CVE-2021-21355 | P3 | HIGH | ≥ 10.0.0, < 10.4.14; ≥ 11.0.0, < 11.1.1; +1 more | 2021-03-23
CVE-2021-21355 [HIGH] CWE-434 Unrestricted File Upload in Form Framework
### Problem
Due to the lack of ensuring file extensions belong to configured allowed mime-types, attackers can upload arbitrary data with arbitrary file extensions - however, default _fileDenyPattern_ successfully blocked files like _.htaccess_ or _malicious.php_. TYPO3 Extbase extensions, which implement a file upload and do not implement a custom _TypeConverter_ to transform up
Sources: GHSA, OSV
CVE-2022-23503 | P3 | HIGH | ≥ 10.0.0, < 10.4.33; ≥ 11.0.0, < 11.5.20; +1 more | 2022-12-13
CVE-2022-23503 [HIGH] CWE-94 TYPO3 CMS vulnerable to Arbitrary Code Execution via Form Framework
### Problem
Due to the lack of separating user-submitted data from the internal configuration in the Form Designer backend module, it was possible to inject code instructions to be processed and executed via TypoScript as PHP code. The existence of individual TypoScript instructions for a particular form item (known as [`formDefini
Sources: GHSA, OSV
CVE-2009-0258 | P3 | HIGH | ≥ 4.0.0, < 4.0.10; ≥ 4.1.0, < 4.1.8; +1 more | 2022-05-02
CVE-2009-0258 [HIGH] CWE-20 Indexed Search Engine for TYPO3 Command Execution via Metacharacter Injection
The Indexed Search Engine (indexed_search) system extension in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to execute arbitrary commands via a crafted filename containing shell metacharacters, which is not properly handled by the command-line indexer.
Sources: GHSA, OSV
CVE-2021-21357 | P3 | HIGH | ≥ 10.0.0, < 10.4.14; ≥ 11.0.0, < 11.1.1; +1 more | 2021-03-23
CVE-2021-21357 [HIGH] CWE-20 Broken Access Control in Form Framework
### Problem
Due to improper input validation, attackers can by-pass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form Framework. In the default configuration of the Form Framework this allows attackers to explicitly allow arbitrary mime-types for file uploads - however, default _fileDenyPattern_ successfully blocked files like _
Sources: GHSA, OSV
CVE-2019-11832 | P3 | HIGH | ≥ 8.0.0, < 8.7.25; ≥ 9.0.0, < 9.5.6 | 2022-05-24
CVE-2019-11832 [HIGH] CWE-20 TYPO3 Image Processing susceptible to Code Execution
TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 is susceptible to remote code execution because it does not properly configure the applications used for image processing, as demonstrated by ImageMagick or GraphicsMagick. For a successful exploit, the GhostScript binary `gs` must be available on the server system.
Sources: GHSA, OSV
CVE-2019-12747 | P3 | HIGH | ≥ 8.0.0, < 8.7.27; ≥ 9.0.0, < 9.5.8 | 2022-05-24
CVE-2019-12747 [HIGH] CWE-502 TYPO3 Vulnerable to Insecure Deserialization
TYPO3 8.x through 8.7.26 and 9.x through 9.5.7 allows Deserialization of Untrusted Data.
Sources: GHSA, OSV
CVE-2011-3583 | P3 | CRITICAL | ≥ 4.5.0, ≤ 4.5.5 | 2022-04-22
CVE-2011-3583 [CRITICAL] CWE-89 Typo3 SQL injection due to faulty prepared statements
It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input.
Sources: GHSA, OSV
CVE-2019-19849 | P3 | HIGH | ≥ 10.0.0, < 10.2.1; ≥ 8.0.0, < 8.7.30; +1 more | 2022-05-24
CVE-2019-19849 [HIGH] CWE-502 TYPO3 Insecure Deserialization in Query Generator & Query View
An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the classes QueryGenerator and QueryView are vulnerable to insecure deserialization. One exploitable scenario requires having the system extension ext:lowlevel (Backend Module: DB Check) installed, with a valid backend user
Sources: GHSA, OSV
CVE-2022-36104 | P3 | HIGH | CVSS 7.5 | ≥ 11.4.0, < 11.5.16 | 2022-09-16
CVE-2022-36104 [HIGH] CWE-770 TYPO3 CMS vulnerable to Denial of Service in Page Error Handling
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C` (5.5)

### Problem
Requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as an error message from another page. This leads to a scenario in which the application is calling itsel
Sources: GHSA, OSV
CVE-2022-23500 | P3 | HIGH | CVSS 7.5 | ≥ 10.0.0, < 10.4.33; ≥ 11.0.0, < 11.5.20 | 2022-12-13
CVE-2022-23500 [HIGH] CWE-405 TYPO3 CMS vulnerable to Denial of Service in Page Error Handling
### Problem
Requesting invalid or non-existing resources via HTTP triggers the page error handler, which again could retrieve content to be shown as an error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web
Sources: GHSA, OSV
CVE-2021-21339 | P3 | MEDIUM | ≥ 10.0.0, < 10.4.14; ≥ 11.0.0, < 11.1.1; +1 more | 2021-03-23
CVE-2021-21339 [MEDIUM] CWE-312 Cleartext storage of session identifier
### Problem
User session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system.
### Solution
Update to TYPO3 versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 t
Sources: GHSA, OSV