Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/typo3/cms-core@4.2.0
purl pkg:composer/typo3/cms-core@4.2.0
Tags Ghost
Next non-vulnerable version 9.5.25
Latest non-vulnerable version 14.0.2
Risk 3.1
Vulnerabilities affecting this package (3)
Vulnerability Summary Fixed by
VCID-47pq-dk4d-1fhx
Aliases:
CVE-2010-5104
GHSA-xgc2-q928-27wv
TYPO3 Sensitive Information Disclosure via escapeStrForLike method The escapeStrForLike method in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly escape input when the MySQL database is set to sql_mode NO_BACKSLASH_ESCAPES, which allows remote attackers to obtain sensitive information via wildcard characters in a LIKE query.
4.2.16
Affected by 0 other vulnerabilities.
4.3.9
Affected by 0 other vulnerabilities.
4.4.5
Affected by 0 other vulnerabilities.
VCID-h1jn-6xyy-vfga
Aliases:
CVE-2009-3633
GHSA-m7rg-85g8-28m9
Cross-Site Request Forgery (CSRF) Cross-site scripting (XSS) vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the sanitizing algorithm.
4.2.10
Affected by 0 other vulnerabilities.
4.3.0-beta2
Affected by 0 other vulnerabilities.
VCID-zpyt-j4jd-8ufk
Aliases:
CVE-2008-2717
GHSA-f35p-hcwf-9f9f
TYPO3 Unrestricted File Upload vulnerability TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
4.2.1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-05T21:23:21.228085+00:00 GHSA Importer Affected by VCID-h1jn-6xyy-vfga https://github.com/advisories/GHSA-m7rg-85g8-28m9 38.6.0
2026-06-05T21:23:03.380520+00:00 GHSA Importer Affected by VCID-zpyt-j4jd-8ufk https://github.com/advisories/GHSA-f35p-hcwf-9f9f 38.6.0
2026-06-05T17:09:55.887712+00:00 GitLab Importer Affected by VCID-47pq-dk4d-1fhx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2010-5104.yml 38.6.0
2026-06-02T04:42:20.942467+00:00 GitLab Importer Affected by VCID-h1jn-6xyy-vfga https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2009-3633.yml 38.6.0
2026-06-02T04:42:15.922502+00:00 GitLab Importer Affected by VCID-zpyt-j4jd-8ufk https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2008-2717.yml 38.6.0