Vulmon
typo3 vulnerabilities and exploits
10
CVSSv3
CVE-2020-11066
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, calling unserialize() on malicious user-submitted content can lead to modification of dynamically-determined object attributes and result in triggering delet...
Typo3 Typo3
9.8
CVSSv3
CVE-2023-35782
The ipandlanguageredirect extension prior to 5.1.2 for TYPO3 allows SQL Injection.
Ipandlanguageredirect Project Ipandlanguageredirect
9.8
CVSSv3
CVE-2016-15017
A vulnerability has been found in fabarea media_upload on TYPO3 and classified as critical. This vulnerability affects the function getUploadedFileList of the file Classes/Service/UploadFileService.php. The manipulation leads to pathname traversal. Upgrading to version 0.9.0 is a...
Ecodev Media Upload
9.8
CVSSv3
CVE-2022-47406
An issue exists in the fe_change_pwd (aka Change password for frontend users) extension prior to 2.0.5, and 3.x prior to 3.0.3, for TYPO3. The extension fails to revoke existing sessions for the current user when the password has been changed.
Change Password For Frontend Users Project Change Password For Frontend Users
9.8
CVSSv3
CVE-2022-35628
A SQL injection issue exists in the lux extension prior to 17.6.1, and 18.x up to and including 24.x prior to 24.0.2, for TYPO3.
In2code Living User Experience
9.8
CVSSv3
CVE-2022-29600
The oelib (aka One is Enough Library) extension up to and including 4.1.5 for TYPO3 allows SQL Injection.
Oliverklee Oelib
9.8
CVSSv3
CVE-2022-29601
The seminars (aka Seminar Manager) extension up to and including 4.1.3 for TYPO3 allows SQL Injection.
Oliverklee Seminars
9.8
CVSSv3
CVE-2021-36789
The dated_news (aka Dated News) extension up to and including 5.1.1 for TYPO3 allows SQL Injection.
Dated News Project Dated News
9.8
CVSSv3
CVE-2021-38302
The Newsletter extension up to and including 4.0.0 for TYPO3 allows SQL Injection.
Newsletter Project Newsletter
9.8
CVSSv3
CVE-2021-28381
The vhs (aka VHS: Fluid ViewHelpers) extension prior to 5.1.1 for TYPO3 allows SQL injection via isLanguageViewHelper.
Vhs Project Vhs