cvebase

Typo3 Cms vulnerabilities

115 known vulnerabilities affecting typo3/cms.

Total CVEs: 115
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: CRITICAL 4, HIGH 28, MEDIUM 72, LOW 11

Vulnerabilities

Page 2 of 6
CVE-2021-41113 | P3 | HIGH | CVSS 8.8 | ≥ 11.2.0, < 11.5.0 | 2021-10-05
CVE-2021-41113 [HIGH] CWE-309 Cross-Site-Request-Forgery in Backend

> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C` (8.2)

### Problem
It has been discovered that the new TYPO3 v11 feature that allows users to create and share [deep links in the backend user interface](https://typo3.org/article/typo3-version-112-escape-the-orbit#c12178) is vulnerable to cross-site-request-forgery. The impact is the same as described in [TY

Sources: ghsa, osv

CVE-2021-21359 | P3 | MEDIUM | ≥ 10.0.0, < 10.4.14; ≥ 11.0.0, < 11.1.1; +1 more | 2021-03-23
CVE-2021-21359 [MEDIUM] CWE-405 Denial of Service in Page Error Handling

> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C` (5.5)
> * CWE-405, CWE-674
> * Status: **DRAFT**

### Problem
Requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as error message from another page. This leads to a scenario in which the application is calling itself recu

Sources: ghsa, osv

CVE-2020-26228 | P3 | HIGH | ≥ 10.0.0, < 10.4.10; ≥ 9.0.0, < 9.5.23; +1 more | 2020-11-23
CVE-2020-26228 [HIGH] CWE-312 Cleartext storage of session identifier

User session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system.

### Solution
Update to TYPO3 versions 9.5.23 or 10.4.10 that fix the problem described.

### Credits

Sources: ghsa, osv

CVE-2022-47406 | P3 | CRITICAL | ≥ 0, < 2.0.5; ≥ 3.0.0, < 3.0.3 | 2022-12-14
CVE-2022-47406 [CRITICAL] CWE-613 TYPO3 vulnerable to Insufficient Session Expiration

An issue was discovered in the fe_change_pwd (aka Change password for frontend users) extension before 2.0.5, and 3.x before 3.0.3, for TYPO3. The extension fails to revoke existing sessions for the current user when the password has been changed.

Sources: ghsa, osv

CVE-2022-31050 | P3 | MEDIUM | ≥ 10.0.0, < 10.4.29; ≥ 11.0.0, < 11.5.11 | 2022-06-17
CVE-2022-31050 [MEDIUM] CWE-613 Insufficient Session Expiration in TYPO3's Admin Tool

> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L/E:F/RL:O/RC:C` (5.6)

### Problem
Admin Tool sessions initiated via the TYPO3 backend user interface have not been revoked even if the corresponding user account was degraded to lower permissions or disabled completely. This way, sessions in the admin tool theoretically could have been prolo

Sources: ghsa, osv

CVE-2019-10912 | P3 | HIGH | ≥ 9.0.0, < 9.5.8 | 2020-02-12
CVE-2019-10912 [HIGH] CWE-502 Deserialization of untrusted data in Symfony

In Symfony before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, it is possible to cache objects that may contain bad user input. On serialization or unserialization, this could result in the deletion of files that the current user has access to. This is related to symfony/cache and symfony/phpunit-bridge.

Sources: ghsa, osv

CVE-2009-3635 | P3 | MEDIUM | ≥ 0, ≤ 4.0.13; ≥ 4.1.0, < 4.1.13; +2 more | 2022-05-02
CVE-2009-3635 [MEDIUM] CWE-287 TYPO3 Install Tool Subcomponent Allows Access Using Only a Password's MD5 Hash as a Credential

The Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to gain access by using only the password's md5 hash as a credential.

Sources: ghsa, osv

CVE-2019-19848 | P3 | MEDIUM | ≥ 10.0.0, < 10.2.2; ≥ 8.0.0, < 8.7.30; +1 more | 2022-05-24
CVE-2019-19848 [MEDIUM] CWE-22 TYPO3 Directory Traversal on ZIP extraction

An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the extraction of manually uploaded ZIP archives in Extension Manager is vulnerable to directory traversal. Admin privileges are required in order to exploit this vulnerability. (In v9 LTS and later, System Maintainer privileges are also required.)

Sources: ghsa, osv

CVE-2013-4701 | P3 | HIGH | ≥ 6.2.0, < 6.2.6 | 2022-05-17
CVE-2013-4701 [HIGH] CWE-400 PHP OpenID Library Denial of Service vulnerability

Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via XRDS data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Sources: ghsa, osv

CVE-2009-0256 | P3 | HIGH | ≥ 4.0.0, < 4.0.10; ≥ 4.1.0, < 4.1.8; +1 more | 2022-05-02
CVE-2009-0256 [HIGH] CWE-287 Authentication library in TYPO3 vulnerable to session fixation

Session fixation vulnerability in the authentication library in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to hijack web sessions via unspecified vectors related to (1) frontend and (2) backend authentication.

Sources: ghsa, osv

CVE-2011-4901 | P3 | MEDIUM | ≥ 0, < 4.3.12; ≥ 4.4.0, < 4.4.9; +1 more | 2022-04-22
CVE-2011-4901 [MEDIUM] CWE-200 Typo3 Arbitrary Information Disclosure

TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to extract arbitrary information from the TYPO3 database.

Sources: ghsa, osv

CVE-2011-4904 | P3 | MEDIUM | ≥ 0, < 4.4.9; ≥ 4.5.0, < 4.5.4 | 2022-04-22
CVE-2011-4904 [MEDIUM] CWE-20 Typo3 Improper Access Control

TYPO3 before 4.4.9 and 4.5.x before 4.5.4 does not apply proper access control on ExtDirect calls which allows remote attackers to retrieve ExtDirect endpoint services.

Sources: ghsa, osv

CVE-2011-4902 | P3 | MEDIUM | ≥ 0, < 4.3.12; ≥ 4.4.0, < 4.4.9; +1 more | 2022-04-22
CVE-2011-4902 [MEDIUM] CWE-20 Typo3 Arbitrary File Delete

TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to delete arbitrary files on the webserver.

Sources: ghsa, osv

CVE-2019-19850 | P3 | MEDIUM | ≥ 8.0, < 8.7.30; ≥ 9.0, < 9.5.12; +1 more | 2022-05-24
CVE-2019-19850 [MEDIUM] TYPO3 SQL Injection in low-level Query Generator

An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. Because escaping of user-submitted content is mishandled, the class QueryGenerator is vulnerable to SQL injection. Exploitation requires having the system extension ext:lowlevel installed, and a valid backend user who has administrator privileges.

Sources: ghsa, osv

CVE-2020-11069 | P3 | HIGH | ≥ 10.0.0, < 10.4.2; ≥ 9.0.0, < 9.5.17 | 2020-05-13
CVE-2020-11069 [HIGH] CWE-346 Backend Same-Site Request Forgery in TYPO3 CMS

> ### Meta
> * CVSS v3.1: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
> * CWE-352
> * CWE-346

### Problem
It has been discovered that backend user interface and install tool are vulnerable to same-origin request forgery. A backend user can be tricked into interacting with a malicious resource an attacker previously managed to upload to the web server - scripts are t

Sources: ghsa, osv

CVE-2022-23501 | P3 | MEDIUM | ≥ 10.0.0, < 10.4.33; ≥ 11.0.0, < 11.5.20; +1 more | 2022-12-13
CVE-2022-23501 [MEDIUM] CWE-287 TYPO3 CMS vulnerable to Weak Authentication in Frontend Login

### Problem
Restricting frontend login to specific users, organized in different storage folders (partitions), can be bypassed. A potential attacker might use this ambiguity in usernames to get access to a different account - however, credentials must be known to the adversary.

### Solution
Update to TYPO3 versions 8.7.49 ELTS, 9.5.38 ELTS,

Sources: ghsa, osv

CVE-2012-6144 | P3 | MEDIUM | ≥ 4.5.0, < 4.5.21; ≥ 4.6.0, < 4.6.14; +1 more | 2022-05-17
CVE-2012-6144 [MEDIUM] CWE-89 Typo3 Backend History Module Vulnerable to SQL Injection

SQL injection vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6. Due to missing encoding of user input, the history module is susceptible to SQL Injection and Cross-Site Scripting. A valid backend login is required to exploit this vulnerability.

Sources: ghsa, osv

CVE-2014-3942 | P3 | HIGH | ≥ 4.5.0, < 4.5.34; ≥ 4.7.0, < 4.7.19; +2 more | 2022-05-14
CVE-2014-3942 [HIGH] CWE-94 TYPO3 Color Picker Wizard component allows remote authenticated editors to execute arbitrary PHP code

The Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, and 6.1.0 before 6.1.9 allows remote authenticated editors to execute arbitrary PHP code via a serialized PHP object.

Sources: ghsa, osv

CVE-2021-32767 | P3 | MEDIUM | ≥ 10.0.0, < 10.4.18; ≥ 11.0.0, < 11.3.1; +1 more | 2021-07-26
CVE-2021-32767 [MEDIUM] CWE-532 Information Disclosure in User Authentication

> ### Meta
> * CVSS: `AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C` (4.9)

### Problem
It has been discovered that user credentials have been logged as plaintext when explicitly using log level debug, which is not the _default_ configuration.

### Solution
Update to TYPO3 versions 7.6.52 ELTS, 8.7.41 ELTS, 9.5.28, 10.4.18, 11.3.1 that fix the problem described.

### C

Sources: ghsa, osv

CVE-2014-9509 | P3 | HIGH | ≥ 4.5.0, < 4.5.39; ≥ 6.2.0, < 6.2.9; +5 more | 2022-05-17
CVE-2014-9509 [HIGH] CWE-20 Typo3 Vulnerable to Cache Poisoning

**Problem Description:** A request URL with arbitrary arguments, but still pointing to the home page of a TYPO3 installation can be cached if the configuration option `config.prefixLocalAnchors` is used with the values "all" or "cached". The impact of this vulnerability is that unfamiliar looking links to the home page can end up in the cache, which leads to a reload of the page in the browser wh

Sources: ghsa, osv