typo3 vulnerabilities and exploits
7.5
CVSSv3
CVE-2009-0255
The System extension Install tool in TYPO3 4.0.0 up to and including 4.0.9, 4.1.0 up to and including 4.1.7, and 4.2.0 up to and including 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for malicious users to crack the key.
Typo3 Typo3
Debian Debian Linux 4.0
7.3
CVSSv3
CVE-2019-16682
The url_redirect (aka URL redirect) extension up to and including 1.2.1 for TYPO3 fails to properly sanitize user input and is susceptible to SQL Injection.
Url Redirect Project Url Redirect
7.2
CVSSv3
CVE-2022-31050
TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, Admin Tool sessions initiated via the TYPO3 backend user interface had not been revoked even if the corresponding user account was degraded to lower permissions or disabled...
Typo3 Typo3
7.2
CVSSv3
CVE-2021-36792
The dated_news (aka Dated News) extension up to and including 5.1.1 for TYPO3 has incorrect Access Control for confirming various applications.
Dated News Project Dated News
7.2
CVSSv3
CVE-2019-19848
An issue exists in TYPO3 prior to 8.7.30, 9.x prior to 9.5.12, and 10.x prior to 10.2.2. It has been discovered that the extraction of manually uploaded ZIP archives in Extension Manager is vulnerable to directory traversal. Admin privileges are required in order to exploit this ...
Typo3 Typo3
7.2
CVSSv3
CVE-2019-19850
An issue exists in TYPO3 prior to 8.7.30, 9.x prior to 9.5.12, and 10.x prior to 10.2.2. Because escaping of user-submitted content is mishandled, the class QueryGenerator is vulnerable to SQL injection. Exploitation requires having the system extension ext:lowlevel installed, an...
Typo3 Typo3
6.5
CVSSv3
CVE-2022-47407
An issue exists in the fp_masterquiz (aka Master-Quiz) extension prior to 2.2.1, and 3.x prior to 3.5.1, for TYPO3. An attacker can continue the quiz of a different user. In doing so, the attacker can view that user's answers and modify those answers.
Master-quiz Project Master-quiz
6.5
CVSSv3
CVE-2022-23501
TYPO3 is an open source PHP based web content management system. In versions before 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 TYPO3 is vulnerable to Improper Authentication. Restricting frontend login to specific users, organized in different storage folders (partitions), can ...
Typo3 Typo3
6.5
CVSSv3
CVE-2022-31047
TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, system internal credentials or keys (e.g. database credentials) can be logged as plaintext in exception handlers, when logging the complete except...
Typo3 Typo3
6.5
CVSSv3
CVE-2021-32767
TYPO3 is an open source PHP based web content management system. In versions 9.0.0 up to and including 9.5.27, 10.0.0 up to and including 10.4.17, and 11.0.0 up to and including 11.3.0, user credentials may be logged as plain-text. This occurs when explicitly using log level de...
Typo3 Typo3