Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-enht-zcrt-mbe6
Summary
TYPO3 Path Traversal vulnerability
The fileDenyPattern functionality in the PHP file inclusion protection API in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly filter file types, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files, as demonstrated using path traversal sequences with %00 null bytes and CVE-2010-3714 to read the TYPO3 encryption key from localconf.php.
Aliases
0
alias CVE-2010-5099
1
alias GHSA-66j3-66cp-6c2m
Fixed_packages
Affected_packages
0
url pkg:composer/typo3/cms@4.2.0
purl pkg:composer/typo3/cms@4.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5arh-exf5-zub1
1
vulnerability VCID-69fr-ztbp-z7gg
2
vulnerability VCID-acey-xzmu-7yg9
3
vulnerability VCID-enht-zcrt-mbe6
4
vulnerability VCID-jbu9-bp56-rkgw
5
vulnerability VCID-k6fn-pcqn-byhu
6
vulnerability VCID-tsmu-e547-8kdx
7
vulnerability VCID-u1y7-xzfg-z7ce
8
vulnerability VCID-zkmd-h3ch-ebbg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.2.0
1
url pkg:composer/typo3/cms@4.3.0
purl pkg:composer/typo3/cms@4.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5arh-exf5-zub1
1
vulnerability VCID-enht-zcrt-mbe6
2
vulnerability VCID-jbu9-bp56-rkgw
3
vulnerability VCID-k6fn-pcqn-byhu
4
vulnerability VCID-p8an-crb2-2qc3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.3.0
2
url pkg:composer/typo3/cms@4.4.0
purl pkg:composer/typo3/cms@4.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2zuf-yf2d-t3hg
1
vulnerability VCID-57cn-dmzh-4kdq
2
vulnerability VCID-5arh-exf5-zub1
3
vulnerability VCID-88ng-ph1q-cybw
4
vulnerability VCID-93v3-exum-5qf5
5
vulnerability VCID-enht-zcrt-mbe6
6
vulnerability VCID-fprf-zjud-8fcv
7
vulnerability VCID-fv74-gq28-rkd5
8
vulnerability VCID-jbu9-bp56-rkgw
9
vulnerability VCID-jk5g-64sn-ffgx
10
vulnerability VCID-k6fn-pcqn-byhu
11
vulnerability VCID-n177-3cym-d7e7
12
vulnerability VCID-nvd8-5j51-2yeg
13
vulnerability VCID-tu8v-rv87-wfa3
14
vulnerability VCID-ybdc-993m-aqfu
15
vulnerability VCID-yk4b-baue-rkbt
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.4.0
References
0
reference_url http://blog.nibblesec.org/2010/12/typo3-sa-2010-020-typo3-sa-2010-022.html
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://blog.nibblesec.org/2010/12/typo3-sa-2010-020-typo3-sa-2010-022.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2010-5099
reference_id
reference_type
scores
0
value 0.05249
scoring_system epss
scoring_elements 0.89995
published_at 2026-04-21T12:55:00Z
1
value 0.05957
scoring_system epss
scoring_elements 0.90646
published_at 2026-04-13T12:55:00Z
2
value 0.05957
scoring_system epss
scoring_elements 0.90652
published_at 2026-04-12T12:55:00Z
3
value 0.05957
scoring_system epss
scoring_elements 0.90643
published_at 2026-04-09T12:55:00Z
4
value 0.05957
scoring_system epss
scoring_elements 0.90605
published_at 2026-04-01T12:55:00Z
5
value 0.05957
scoring_system epss
scoring_elements 0.90664
published_at 2026-04-18T12:55:00Z
6
value 0.05957
scoring_system epss
scoring_elements 0.90666
published_at 2026-04-16T12:55:00Z
7
value 0.05957
scoring_system epss
scoring_elements 0.90637
published_at 2026-04-08T12:55:00Z
8
value 0.05957
scoring_system epss
scoring_elements 0.90626
published_at 2026-04-07T12:55:00Z
9
value 0.05957
scoring_system epss
scoring_elements 0.90618
published_at 2026-04-04T12:55:00Z
10
value 0.05957
scoring_system epss
scoring_elements 0.90608
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2010-5099
2
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/64180
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/64180
3
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
4
reference_url https://web.archive.org/web/20120801235059/http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20120801235059/http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022
5
reference_url http://www.exploit-db.com/exploits/15856
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.exploit-db.com/exploits/15856
6
reference_url http://www.openwall.com/lists/oss-security/2011/01/13/2
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/01/13/2
7
reference_url http://www.openwall.com/lists/oss-security/2012/05/10/7
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2012/05/10/7
8
reference_url http://www.openwall.com/lists/oss-security/2012/05/11/3
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2012/05/11/3
9
reference_url http://www.openwall.com/lists/oss-security/2012/05/12/5
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2012/05/12/5
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2010-5099
reference_id CVE-2010-5099
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2010-5099
11
reference_url https://github.com/advisories/GHSA-66j3-66cp-6c2m
reference_id GHSA-66j3-66cp-6c2m
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-66j3-66cp-6c2m
Weaknesses
0
cwe_id 20
name Improper Input Validation
description The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
1
cwe_id 22
name Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
description The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
3
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
0
date_added 2010-12-29
description TYPO3 - Arbitrary File Retrieval
required_action null
due_date null
notes null
known_ransomware_campaign_use false
source_date_published 2010-12-29
exploit_type webapps
platform php
source_date_updated 2010-12-29
data_source Exploit-DB
source_url
Severity_range_score 4.0 - 6.9
Exploitability 2.0
Weighted_severity 6.2
Risk_score 10.0
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-enht-zcrt-mbe6