TYPO3 CMS vulnerabilities
115 known vulnerabilities affecting typo3/cms.
Total CVEs: 115
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: CRITICAL 4, HIGH 28, MEDIUM 72, LOW 11
Vulnerabilities
Page 2 of 6
CVE-2021-41113 | P3 | HIGH | CVSS 8.8 | ≥ 11.2.0, < 11.5.0 | 2021-10-05
CVE-2021-41113 [HIGH] CWE-309 Cross-Site-Request-Forgery in Backend
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C` (8.2)
### Problem
It has been discovered that the new TYPO3 v11 feature that allows users to create and share [deep links in the backend user interface](https://typo3.org/article/typo3-version-112-escape-the-orbit#c12178) is vulnerable to cross-site-request-forgery.
The impact is the same as described in [TY
ghsa, osv
CVE-2021-21359 | P3 | MEDIUM | ≥ 10.0.0, < 10.4.14; ≥ 11.0.0, < 11.1.1; +1 more | 2021-03-23
CVE-2021-21359 [MEDIUM] CWE-405 Denial of Service in Page Error Handling
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C` (5.5)
> * CWE-405, CWE-674
> * Status: **DRAFT**
### Problem
Requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as error message from another page. This leads to a scenario in which the application is calling itself recu
ghsa, osv
CVE-2020-26228 | P3 | HIGH | ≥ 10.0.0, < 10.4.10; ≥ 9.0.0, < 9.5.23; +1 more | 2020-11-23
CVE-2020-26228 [HIGH] CWE-312 Cleartext storage of session identifier
User session identifiers were stored in cleartext, without additional processing by a cryptographic hashing algorithm. This vulnerability cannot be exploited directly; it only comes into play as part of a chained attack, for instance in combination with SQL injection in any other component of the system.
### Solution
Update to TYPO3 versions 9.5.23 or 10.4.10 that fix the problem described.
### Credits
ghsa, osv
CVE-2022-47406 | P3 | CRITICAL | ≥ 0, < 2.0.5; ≥ 3.0.0, < 3.0.3 | 2022-12-14
CVE-2022-47406 [CRITICAL] CWE-613 TYPO3 vulnerable to Insufficient Session Expiration
An issue was discovered in the fe_change_pwd (aka Change password for frontend users) extension before 2.0.5, and 3.x before 3.0.3, for TYPO3. The extension fails to revoke existing sessions for the current user when the password has been changed.
ghsa, osv
CVE-2022-31050 | P3 | MEDIUM | ≥ 10.0.0, < 10.4.29; ≥ 11.0.0, < 11.5.11 | 2022-06-17
CVE-2022-31050 [MEDIUM] CWE-613 Insufficient Session Expiration in TYPO3's Admin Tool
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L/E:F/RL:O/RC:C` (5.6)
### Problem
Admin Tool sessions initiated via the TYPO3 backend user interface have not been revoked even if the corresponding user account was degraded to lower permissions or disabled completely. This way, sessions in the admin tool theoretically could have been prolo
ghsa, osv
CVE-2019-10912 | P3 | HIGH | ≥ 9.0.0, < 9.5.8 | 2020-02-12
CVE-2019-10912 [HIGH] CWE-502 Deserialization of untrusted data in Symfony
In Symfony before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, it is possible to cache objects that may contain bad user input. On serialization or unserialization, this could result in the deletion of files that the current user has access to. This is related to symfony/cache and symfony/phpunit-bridge.
ghsa, osv
CVE-2009-3635 | P3 | MEDIUM | ≥ 0, ≤ 4.0.13; ≥ 4.1.0, < 4.1.13; +2 more | 2022-05-02
CVE-2009-3635 [MEDIUM] CWE-287 TYPO3 Install Tool Subcomponent Allows Access Using Only a Password's MD5 Hash as a Credential
The Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to gain access by using only the password's md5 hash as a credential.
ghsa, osv
CVE-2019-19848 | P3 | MEDIUM | ≥ 10.0.0, < 10.2.2; ≥ 8.0.0, < 8.7.30; +1 more | 2022-05-24
CVE-2019-19848 [MEDIUM] CWE-22 TYPO3 Directory Traversal on ZIP extraction
An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the extraction of manually uploaded ZIP archives in Extension Manager is vulnerable to directory traversal. Admin privileges are required in order to exploit this vulnerability. (In v9 LTS and later, System Maintainer privileges are also required.)
ghsa, osv
CVE-2013-4701 | P3 | HIGH | ≥ 6.2.0, < 6.2.6 | 2022-05-17
CVE-2013-4701 [HIGH] CWE-400 PHP OpenID Library Denial of Service vulnerability
Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via XRDS data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
ghsa, osv
CVE-2009-0256 | P3 | HIGH | ≥ 4.0.0, < 4.0.10; ≥ 4.1.0, < 4.1.8; +1 more | 2022-05-02
CVE-2009-0256 [HIGH] CWE-287 Authentication library in TYPO3 vulnerable to session fixation
Session fixation vulnerability in the authentication library in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to hijack web sessions via unspecified vectors related to (1) frontend and (2) backend authentication.
ghsa, osv
CVE-2011-4901 | P3 | MEDIUM | ≥ 0, < 4.3.12; ≥ 4.4.0, < 4.4.9; +1 more | 2022-04-22
CVE-2011-4901 [MEDIUM] CWE-200 Typo3 Arbitrary Information Disclosure
TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to extract arbitrary information from the TYPO3 database.
ghsa, osv
CVE-2011-4904 | P3 | MEDIUM | ≥ 0, < 4.4.9; ≥ 4.5.0, < 4.5.4 | 2022-04-22
CVE-2011-4904 [MEDIUM] CWE-20 Typo3 Improper Access Control
TYPO3 before 4.4.9 and 4.5.x before 4.5.4 does not apply proper access control on ExtDirect calls which allows remote attackers to retrieve ExtDirect endpoint services.
ghsa, osv
CVE-2011-4902 | P3 | MEDIUM | ≥ 0, < 4.3.12; ≥ 4.4.0, < 4.4.9; +1 more | 2022-04-22
CVE-2011-4902 [MEDIUM] CWE-20 Typo3 Arbitrary File Delete
TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to delete arbitrary files on the webserver.
ghsa, osv
CVE-2019-19850 | P3 | MEDIUM | ≥ 8.0, < 8.7.30; ≥ 9.0, < 9.5.12; +1 more | 2022-05-24
CVE-2019-19850 [MEDIUM] TYPO3 SQL Injection in low-level Query Generator
An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. Because escaping of user-submitted content is mishandled, the class QueryGenerator is vulnerable to SQL injection. Exploitation requires having the system extension ext:lowlevel installed, and a valid backend user who has administrator privileges.
ghsa, osv
CVE-2020-11069 | P3 | HIGH | ≥ 10.0.0, < 10.4.2; ≥ 9.0.0, < 9.5.17 | 2020-05-13
CVE-2020-11069 [HIGH] CWE-346 Backend Same-Site Request Forgery in TYPO3 CMS
> ### Meta
> * CVSS v3.1: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
> * CWE-352
> * CWE-346
### Problem
It has been discovered that backend user interface and install tool are vulnerable to same-origin request forgery. A backend user can be tricked into interacting with a malicious resource an attacker previously managed to upload to the web server - scripts are t
ghsa, osv
CVE-2022-23501 | P3 | MEDIUM | ≥ 10.0.0, < 10.4.33; ≥ 11.0.0, < 11.5.20; +1 more | 2022-12-13
CVE-2022-23501 [MEDIUM] CWE-287 TYPO3 CMS vulnerable to Weak Authentication in Frontend Login
### Problem
Restricting frontend login to specific users, organized in different storage folders (partitions), can be bypassed. A potential attacker might use this ambiguity in usernames to get access to a different account - however, credentials must be known to the adversary.
### Solution
Update to TYPO3 versions 8.7.49 ELTS, 9.5.38 ELTS,
ghsa, osv
CVE-2012-6144 | P3 | MEDIUM | ≥ 4.5.0, < 4.5.21; ≥ 4.6.0, < 4.6.14; +1 more | 2022-05-17
CVE-2012-6144 [MEDIUM] CWE-89 Typo3 Backend History Module Vulnerable to SQL Injection
SQL injection vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6. Due to missing encoding of user input, the history module is susceptible to SQL Injection and Cross-Site Scripting. A valid backend login is required to exploit this vulnerability.
ghsa, osv
CVE-2014-3942 | P3 | HIGH | ≥ 4.5.0, < 4.5.34; ≥ 4.7.0, < 4.7.19; +2 more | 2022-05-14
CVE-2014-3942 [HIGH] CWE-94 TYPO3 Color Picker Wizard component allows remote authenticated editors to execute arbitrary PHP code
The Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, and 6.1.0 before 6.1.9 allows remote authenticated editors to execute arbitrary PHP code via a serialized PHP object.
ghsa, osv
CVE-2021-32767 | P3 | MEDIUM | ≥ 10.0.0, < 10.4.18; ≥ 11.0.0, < 11.3.1; +1 more | 2021-07-26
CVE-2021-32767 [MEDIUM] CWE-532 Information Disclosure in User Authentication
> ### Meta
> * CVSS: `AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C` (4.9)
### Problem
It has been discovered that user credentials have been logged as plaintext when explicitly using log level debug, which is not the _default_ configuration.
### Solution
Update to TYPO3 versions 7.6.52 ELTS, 8.7.41 ELTS, 9.5.28, 10.4.18, 11.3.1 that fix the problem described.
### C
ghsa, osv
CVE-2014-9509 | P3 | HIGH | ≥ 4.5.0, < 4.5.39; ≥ 6.2.0, < 6.2.9; +5 more | 2022-05-17
CVE-2014-9509 [HIGH] CWE-20 Typo3 Vulnerable to Cache Poisoning
**Problem Description:** A request URL with arbitrary arguments, but still pointing to the home page of a TYPO3 installation can be cached if the configuration option `config.prefixLocalAnchors` is used with the values "all" or "cached". The impact of this vulnerability is that unfamiliar looking links to the home page can end up in the cache, which leads to a reload of the page in the browser wh
ghsa, osv