typo3 vulnerabilities and exploits
9.8
CVSSv3
CVE-2020-15086
In TYPO3 installations with the "mediace" extension from version 7.6.2 and before version 7.6.5, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows injecting arbitrary data having a valid cryptographic ...
Typo3 Mediace
1 GitHub repository
9.8
CVSSv3
CVE-2011-3583
It was found that Typo3 Core versions 4.5.0 - 4.5.5 use prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two co...
Typo3 Typo3
9.8
CVSSv3
CVE-2011-3584
The TYPO3 Core wec_discussion extension prior to 2.1.1 is vulnerable to SQL Injection due to improper sanitization of user-supplied input.
Guidestar Wec Discussion Forum
9.8
CVSSv3
CVE-2011-4628
TYPO3 prior to 4.3.12, 4.4.x prior to 4.4.9, and 4.5.x prior to 4.5.4 allows remote malicious users to bypass authentication mechanisms in the backend through a crafted request.
Typo3 Typo3
9.8
CVSSv3
CVE-2019-16699
The sr_freecap (aka freeCap CAPTCHA) extension 2.4.5 and below and 2.5.2 and below for TYPO3 fails to sanitize user input, which allows execution of arbitrary Extbase actions, resulting in Remote Code Execution.
Sr Freecap Project Sr Freecap
9.8
CVSSv3
CVE-2019-16700
The slub_events (aka SLUB: Event Registration) extension up to and including 3.0.2 for TYPO3 allows uploading of arbitrary files to the webserver. For versions 1.2.2 and below, this results in Remote Code Execution. In versions later than 1.2.2, this can result in Denial of Servi...
Slub-dresden Slub Events
9.8
CVSSv3
CVE-2019-11830
PharMetaDataInterceptor in the PharStreamWrapper (aka phar-stream-wrapper) package 2.x prior to 2.1.1 and 3.x prior to 3.1.1 for TYPO3 mishandles Phar stub parsing, which allows malicious users to bypass a deserialization protection mechanism.
Typo3 Pharstreamwrapper
9.8
CVSSv3
CVE-2019-11831
The PharStreamWrapper (aka phar-stream-wrapper) package 2.x prior to 2.1.1 and 3.x prior to 3.1.1 for TYPO3 does not prevent directory traversal, which allows malicious users to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/bad.phar/../good.phar...
Typo3 Pharstreamwrapper
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Drupal Drupal
Joomla Joomla!
9.8
CVSSv3
CVE-2019-7743
An issue exists in Joomla! prior to 3.9.3. The phar:// stream wrapper can be used for object injection attacks because there is no protection mechanism (such as the TYPO3 PHAR stream wrapper) to prevent use of the phar:// handler for non-.phar files.
Joomla Joomla!
9.8
CVSSv3
CVE-2015-1401
Improper Authentication vulnerability in the "LDAP / SSO Authentication" (ig_ldap_sso_auth) extension 2.0.0 for TYPO3.
Ldap / Sso Authentication Project Ldap / Sso Authentication 2.0.0