Vulmon
typo3 vulnerabilities and exploits
8.8
CVSSv3
CVE-2020-11067
In TYPO3 CMS 9.0.0 up to and including 9.5.16 and 10.0.0 up to and including 10.4.1, it has been discovered that backend user settings (in $BE_USER->uc) are vulnerable to insecure deserialization. In combination with vulnerabilities of third party components, this can lead to ...
Typo3 Typo3
8.8
CVSSv3
CVE-2020-11069
In TYPO3 CMS 9.0.0 up to and including 9.5.16 and 10.0.0 up to and including 10.4.1, it has been discovered that the backend user interface and install tool are vulnerable to a same-site request forgery. A backend user can be tricked into interacting with a malicious resource an ...
Typo3 Typo3
1 Github repository
8.8
CVSSv3
CVE-2019-19849
An issue exists in TYPO3 prior to 8.7.30, 9.x prior to 9.5.12, and 10.x prior to 10.2.2. It has been discovered that the classes QueryGenerator and QueryView are vulnerable to insecure deserialization. One exploitable scenario requires having the system extension ext:lowlevel (Ba...
Typo3 Typo3
8.8
CVSSv3
CVE-2010-3662
TYPO3 prior to 4.1.14, 4.2.x prior to 4.2.13, 4.3.x prior to 4.3.4 and 4.4.x prior to 4.4.1 allows SQL Injection on the backend.
Typo3 Typo3
8.8
CVSSv3
CVE-2010-3663
TYPO3 prior to 4.1.14, 4.2.x prior to 4.2.13, 4.3.x prior to 4.3.4 and 4.4.x prior to 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote malicious users to execute arbitrary code on the backend.
Typo3 Typo3
8.8
CVSSv3
CVE-2019-12747
TYPO3 8.x up to and including 8.7.26 and 9.x up to and including 9.5.7 allows Deserialization of Untrusted Data.
Typo3 Typo3
1 Github repository
8.8
CVSSv3
CVE-2017-14251
Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code.
Typo3 Typo3 7.6.3
Typo3 Typo3 7.6.4
Typo3 Typo3 7.6.11
Typo3 Typo3 7.6.12
Typo3 Typo3 7.6.19
Typo3 Typo3 7.6.20
Typo3 Typo3 8.6.0
Typo3 Typo3 8.5.1
Typo3 Typo3 8.2.0
Typo3 Typo3 8.1.2
Typo3 Typo3 7.6.5
Typo3 Typo3 7.6.6
Typo3 Typo3 7.6.13
Typo3 Typo3 7.6.14
Typo3 Typo3 7.6.21
Typo3 Typo3 8.7.4
Typo3 Typo3 8.5.0
Typo3 Typo3 8.4.1
Typo3 Typo3 8.1.1
Typo3 Typo3 8.1.0
Typo3 Typo3 7.6.7
Typo3 Typo3 7.6.8
8.6
CVSSv3
CVE-2021-21355
TYPO3 is an open source PHP based web content management system. In TYPO3 prior to 8.7.40, 9.5.25, 10.4.14, 11.1.1, due to the lack of ensuring file extensions belong to configured allowed mime-types, attackers can upload arbitrary data with arbitrary file extensions - however, d...
Typo3 Typo3
8.3
CVSSv3
CVE-2021-21357
TYPO3 is an open source PHP based web content management system. In TYPO3 prior to 8.7.40, 9.5.25, 10.4.14, 11.1.1 due to improper input validation, attackers can by-pass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form ...
Typo3 Typo3
8.1
CVSSv3
CVE-2020-15099
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, in a case where an attacker manages to generate a valid cryptographic message authentication code (HMAC-SHA1) - either by using a different existing vulnera...
Typo3 Typo3