Vulmon
typo3 typo3 vulnerabilities and exploits
9.8
CVSSv3
CVE-2017-7581
SQL injection vulnerability in NewsController.php in the News module 5.3.2 and previous versions for TYPO3 allows unauthenticated users to execute arbitrary SQL commands via vectors involving overwriteDemand for order and OrderByAllowed.
News System Project News System
9.6
CVSSv3
CVE-2011-3642
Cross-site scripting (XSS) vulnerability in Flowplayer Flash 3.2.7 up to and including 3.2.16, as used in the News system (news) extension for TYPO3 and Mahara, allows remote malicious users to inject arbitrary web script or HTML via the plugin configuration directive in a refere...
Flowplayer Flowplayer Flash
1 EDB exploit
9.1
CVSSv3
CVE-2022-47408
An issue exists in the fp_newsletter (aka Newsletter subscriber management) extension prior to 1.1.1, 1.2.0, 2.x prior to 2.1.2, 2.2.1 up to and including 2.4.0, and 3.x prior to 3.2.6 for TYPO3. There is a CAPTCHA bypass that can lead to subscribing many people.
Fp Newsletter Project Fp Newsletter
Fp Newsletter Project Fp Newsletter 1.2.0
8.8
CVSSv3
CVE-2015-10106
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in mback2k mh_httpbl Extension up to 1.1.7 on TYPO3. This vulnerability affects the function moduleContent of the file mod1/index.php. The manipulation leads to sql injection. The attack can be initi...
Mh Httpbl Project Mh Httpbl
8.8
CVSSv3
CVE-2022-23503
TYPO3 is an open source PHP based web content management system. Versions before 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are vulnerable to Code Injection. Due to the lack of separating user-submitted data from the internal configuration in the Form Designer backend module, i...
Typo3 Typo3
8.8
CVSSv3
CVE-2021-43563
An issue exists in the pixxio (aka pixx.io integration or DAM) extension prior to 1.0.6 for TYPO3. The Access Control in the bundled media browser is broken, which allows an unauthenticated malicious user to perform requests to the pixx.io API for the configured API user. This al...
Pixxio Pixx.io
8.8
CVSSv3
CVE-2021-43562
An issue exists in the pixxio (aka pixx.io integration or DAM) extension prior to 1.0.6 for TYPO3. The extension fails to restrict the image download to the configured pixx.io DAM URL, resulting in SSRF. As a result, an attacker can download various content from a remote location...
Pixxio Pixx.io
8.8
CVSSv3
CVE-2021-41113
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the new TYPO3 v11 feature that allows users to create and share deep links in the backend user interface is vulnerable to cross-site-request-forgery. The impact...
Typo3 Typo3
8.8
CVSSv3
CVE-2020-15098
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a va...
Typo3 Typo3
8.8
CVSSv3
CVE-2020-15515
The turn extension up to and including 0.3.2 for TYPO3 allows Remote Code Execution.
Turn! Project Turn!