Typo3 Cms vulnerabilities

CVE-2019-19849 [HIGH] CWE-502 TYPO3 Insecure Deserialization in Query Generator & Query View TYPO3 Insecure Deserialization in Query Generator & Query View An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the classes QueryGenerator and QueryView are vulnerable to insecure deserialization. One exploitable scenario requires having the system extension ext:lowlevel (Backend Module: DB Check) installed, with a valid backend user

CVE-2019-11832 [HIGH] CWE-20 TYPO3 Image Processing susceptible to Code Execution TYPO3 Image Processing susceptible to Code Execution TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 is susceptible to remote code execution because it does not properly configure the applications used for image processing, as demonstrated by ImageMagick or GraphicsMagick. For a successful exploit, the GhostScript binary `gs` must be available on the server system.

CVE-2019-12748 [MEDIUM] CWE-79 Typo3 Cross-Site Scripting in Link Handling Typo3 Cross-Site Scripting in Link Handling TYPO3 8.3.0 through 8.7.26 and 9.0.0 through 9.5.7 allows XSS.

CVE-2019-19850 [MEDIUM] TYPO3 SQL Injection in low-level Query Generator TYPO3 SQL Injection in low-level Query Generator An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. Because escaping of user-submitted content is mishandled, the class QueryGenerator is vulnerable to SQL injection. Exploitation requires having the system extension ext:lowlevel installed, and a valid backend user who has administrator privileges.

CVE-2019-19848 [MEDIUM] CWE-22 TYPO3 Directory Traversal on ZIP extraction TYPO3 Directory Traversal on ZIP extraction An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the extraction of manually uploaded ZIP archives in Extension Manager is vulnerable to directory traversal. Admin privileges are required in order to exploit this vulnerability. (In v9 LTS and later, System Maintainer privileges are also required.)

CVE-2020-8091 [MEDIUM] CWE-79 Typo3 Cross-Site Scripting in Flash component (ELTS) Typo3 Cross-Site Scripting in Flash component (ELTS) TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 included a vulnerable external component, which could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system.

CVE-2014-3945 [CRITICAL] CWE-287 TYPO3 vulnerable to authentication bypass via leveraging knowledge of password hash TYPO3 vulnerable to authentication bypass via leveraging knowledge of password hash The Authentication component in TYPO3 before 6.2, when salting for password hashing is disabled, does not require knowledge of the cleartext password if the password hash is known, which allows remote attackers to bypass authentication and gain access to the backend by leveraging knowledge of a pa

CVE-2010-3714 [HIGH] CWE-284 TYPO3 Remote File Disclosure vulnerability in the jumpUrl mechanism TYPO3 Remote File Disclosure vulnerability in the jumpUrl mechanism The jumpUrl (aka access tracking) implementation in `tslib/class.tslib_fe.php` in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly compare certain hash values during access-control decisions, which allows remote attackers to read arbitrary files via unspecified vectors.

CVE-2017-14251 [HIGH] CWE-434 TYPO3 Arbitrary Code Execution TYPO3 Arbitrary Code Execution Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code.

CVE-2010-5099 [HIGH] CWE-20 TYPO3 Path Traversal vulnerability TYPO3 Path Traversal vulnerability The fileDenyPattern functionality in the PHP file inclusion protection API in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly filter file types, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files, as demonstrated using path traversal sequences with %00 null bytes and CVE-2010-3714 to read the TYPO3 encryption k

CVE-2013-4250 [HIGH] CWE-20 TYPO3 doesn't properly check file extensions TYPO3 doesn't properly check file extensions The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file extensions, which allow remote authenticated editors to execute arbitrary PHP code by uploading a .php file.

CVE-2014-9509 [HIGH] CWE-20 Typo3 Vulnerable to Cache Poisoning Typo3 Vulnerable to Cache Poisoning **Problem Description:** A request URL with arbitrary arguments, but still pointing to the home page of a TYPO3 installation can be cached if the configuration option `config.prefixLocalAnchors` is used with the values "all" or "cached". The impact of this vulnerability is that unfamiliar looking links to the home page can end up in the cache, which leads to a reload of the page in the browser wh

CVE-2013-4701 [HIGH] CWE-400 PHP OpenID Library Denial of Service vulnerability PHP OpenID Library Denial of Service vulnerability Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via XRDS data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

CVE-2010-5103 [MEDIUM] CWE-89 TYPO3 SQL Injection vulnerability TYPO3 SQL Injection vulnerability SQL injection vulnerability in the list module in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via unspecified vectors.

CVE-2016-4056 [MEDIUM] CWE-79 TYPO3 Backend component Cross-site scripting (XSS) vulnerability TYPO3 Backend component Cross-site scripting (XSS) vulnerability Cross-site scripting (XSS) vulnerability in the Backend component in TYPO3 6.2.x before 6.2.19 allows remote attackers to inject arbitrary web script or HTML via the module parameter when creating a bookmark.

CVE-2015-8756 [MEDIUM] CWE-79 TYPO3 CMS indexed search Cross-site Scripting vulnerability TYPO3 CMS indexed search Cross-site Scripting vulnerability Cross-site scripting (XSS) vulnerability in the search result view in the Indexed Search (indexed_search) component in TYPO3 6.2.x before 6.2.16 allows remote authenticated editors to inject arbitrary web script or HTML via unspecified vectors.

CVE-2012-6146 [MEDIUM] CWE-79 Typo3 Backend History Module Vulnerable to XSS Typo3 Backend History Module Vulnerable to XSS The Backend History Module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 does not properly restrict access, which allows remote authenticated editors to read the history of arbitrary records via a crafted URL.

CVE-2010-5101 [MEDIUM] CWE-22 TYPO3 Directory Traversal vulnerability TYPO3 Directory Traversal vulnerability Directory traversal vulnerability in the TypoScript setup in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated administrators to read arbitrary files via unspecified vectors related to the "file inclusion functionality."

CVE-2015-8755 [MEDIUM] CWE-79 Typo3 XSS Vulnerability Typo3 XSS Vulnerability Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors.

CVE-2012-2112 [MEDIUM] CWE-79 Typo3 Exception Handler XSS Typo3 Exception Handler XSS Cross-site scripting (XSS) vulnerability in the Exception Handler in TYPO3 4.4.x before 4.4.15, 4.5.x before 4.5.15, 4.6.x before 4.6.8, and 4.7 allows remote attackers to inject arbitrary web script or HTML via exception messages.