Search for packages
| purl | pkg:composer/typo3/cms-core@7.0.0 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-12y5-7b81-wkfu
Aliases: GHSA-x4rj-f7m6-42c3 |
TYPO3 CMS Authentication Bypass vulnerability It has been discovered that TYPO3’s Salted Password system extension (which is a mandatory system component) is vulnerable to Authentication Bypass when using hashing methods which are related by PHP class inheritance. In standard TYPO3 core distributions stored passwords using the blowfish hashing algorithm can be overridden when using MD5 as the default hashing algorithm by just knowing a valid username. Per default the Portable PHP hashing algorithm (PHPass) is used which is not vulnerable. |
Affected by 0 other vulnerabilities. Affected by 76 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 102 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-28bf-jvah-zkhw
Aliases: 2018-07-12-1 |
Improper Authentication Authentication Bypass in TYPO3 CMS. |
Affected by 0 other vulnerabilities. Affected by 76 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 102 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-5jgb-dsyx-hyb4
Aliases: CVE-2021-21338 GHSA-4jhw-2p6j-5wmp |
Open Redirection in Login Handling ### Problem It has been discovered that Login Handling is susceptible to open redirection which allows attackers redirecting to arbitrary content, and conducting phishing attacks. No authentication is required in order to exploit this vulnerability. ### Solution Update to TYPO3 versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 that fix the problem described. ### Credits Thanks to Alexander Kellner who reported this issue and to TYPO3 security team member Torben Hansen who fixed the issue. ### References * [TYPO3-CORE-SA-2021-001](https://typo3.org/security/advisory/typo3-core-sa-2021-001) |
Affected by 1 other vulnerability.
This version is affected by these other vulnerabilities:
Affected by 3 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 32 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 38 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 39 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-5paq-5frf-43ed
Aliases: CVE-2022-36107 GHSA-9c6w-55cp-5w25 |
TYPO3 CMS Stored Cross-Site Scripting via FileDumpController > ### Meta > * CVSS: `CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (5.0) ### Problem It has been discovered that the `FileDumpController` (backend and frontend context) is vulnerable to cross-site scripting when malicious files are displayed using this component. A valid backend user account is needed to exploit this vulnerability. ### Solution Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix the problem described above. ### Credits Thanks to Vautia who reported this issue and to TYPO3 core & security team member Oliver Hader who fixed the issue. ### References * [TYPO3-CORE-SA-2022-009](https://typo3.org/security/advisory/typo3-core-sa-2022-009) * [Vulnerability Report on huntr.dev](https://huntr.dev/bounties/51e9b709-193c-41fd-bd4a-833aaca0bd4e/) (embargoed +30 days) |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 22 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 22 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-6xmj-wbea-r7ex
Aliases: GHSA-29m4-mx89-3mjg |
TYPO3 Denial of Service in Online Media Asset Handling Online Media Asset Handling (*.youtube and *.vimeo files) in the TYPO3 backend is vulnerable to denial of service. Putting large files with according file extensions results in high consumption of system resources. This can lead to exceeding limits of the current PHP process which results in a dysfunctional backend component. A valid backend user account or write access on the server system (e.g. SFTP) is needed in order to exploit this vulnerability. |
Affected by 0 other vulnerabilities. Affected by 59 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 88 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-a563-vtwa-hkbr
Aliases: GHSA-66c2-7g4p-wx4p |
TYPO3 Information Disclosure in Install Tool The Install Tool exposes the current TYPO3 version number to non-authenticated users. |
Affected by 0 other vulnerabilities. Affected by 59 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 88 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-ampc-h88c-afh2
Aliases: CVE-2016-5091 GHSA-jxg5-35fj-ccwf |
Information Exposure Extbase in TYPO3 allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted Extbase action. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-b6er-h7dm-3bev
Aliases: GHSA-gqqf-g5r7-84vf GMS-2022-4096 |
TYPO3 HTML Sanitizer Bypasses Cross-Site Scripting Protection > ### Meta > * CVSS: `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (5.7) ### Problem Due to a parsing issue in upstream package [`masterminds/html5`](https://packagist.org/packages/masterminds/html5), malicious markup used in a sequence with special HTML comments cannot be filtered and sanitized. This allows to by-pass the cross-site scripting mechanism of [`typo3/html-sanitizer`](https://github.com/TYPO3/html-sanitizer). ### Solution Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix the problem described above. ### Credits Thanks to David Klein who reported this issue, and to TYPO3 security team member Oliver Hader who fixed the issue. ### References * [TYPO3-CORE-SA-2022-011](https://typo3.org/security/advisory/typo3-core-sa-2022-011) * [GHSA-47m6-46mj-p235](https://github.com/TYPO3/html-sanitizer/security/advisories/GHSA-47m6-46mj-p235) |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 22 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 22 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-b81w-n2ne-z3ee
Aliases: GHSA-hjx5-v9xg-7h25 |
TYPO3 Denial of Service in Frontend Record Registration TYPO3’s built-in record registration functionality (aka “basic shopping cart”) using recs URL parameters is vulnerable to denial of service. Failing to properly ensure that anonymous user sessions are valid, attackers can use this vulnerability in order to create an arbitrary amount of individual session-data records in the database. |
Affected by 0 other vulnerabilities. Affected by 59 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-bajy-qbwq-fufn
Aliases: CVE-2022-31047 GHSA-fh99-4pgr-8j99 |
Insertion of Sensitive Information into Log File in typo3/cms-core > ### Meta > * CVSS: `CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C` (4.9) ### Problem It has been discovered that system internal credentials or keys (e.g. database credentials) have been logged as plaintext in exception handlers, when logging the complete exception stack trace. ### Solution Update to TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.35 ELTS, 10.4.29, 11.5.11 that fix the problem described above. ### Credits Thanks to Marco Huber who reported this issue and to TYPO3 security member Torben Hansen who fixed the issue. ### References * [TYPO3-CORE-SA-2022-002](https://typo3.org/security/advisory/typo3-core-sa-2022-002) |
Affected by 3 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 3 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 0 other vulnerabilities. Affected by 28 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 29 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-bnne-7p2q-eqd2
Aliases: 2018-12-11-6 |
Uncontrolled Resource Consumption Denial of Service in Online Media Asset Handling. |
Affected by 0 other vulnerabilities. Affected by 59 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 88 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-dm97-51uu-r7gw
Aliases: 2018-12-11-1 |
Cross-site Scripting Cross-Site Scripting in Online Media Asset Rendering. |
Affected by 0 other vulnerabilities. Affected by 59 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 88 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-dsu7-jjjq-f3e1
Aliases: CVE-2021-21339 GHSA-qx3w-4864-94ch |
Cleartext storage of session identifier ### Problem User session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system. ### Solution Update to TYPO3 versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 that fix the problem described. ### Credits Thanks to TYPO3 security team member Oliver Hader who reported this issue and to TYPO3 core & security team members Benni Mack & Oliver Hader who fixed the issue. ### References * [TYPO3-CORE-SA-2021-006](https://typo3.org/security/advisory/typo3-core-sa-2021-006) |
Affected by 1 other vulnerability.
This version is affected by these other vulnerabilities:
Affected by 3 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 32 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 38 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 39 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-ebpa-58em-wqam
Aliases: GHSA-cc97-g92w-jm65 |
TYPO3 CMS Insecure Deserialization & Arbitrary Code Execution Phar files (formerly known as "PHP archives") can act als self extracting archives which leads to the fact that source code is executed when Phar files are invoked. The Phar file format is not limited to be stored with a dedicated file extension - "bundle.phar" would be valid as well as "bundle.txt" would be. This way, Phar files can be obfuscated as image or text file which would not be denied from being uploaded and persisted to a TYPO3 installation. Due to a missing sanitization of user input, those Phar files can be invoked by manipulated URLs in TYPO3 backend forms. A valid backend user account is needed to exploit this vulnerability. In theory the attack vector would be possible in the TYPO3 frontend as well, however no functional exploit has been identified so far. |
Affected by 0 other vulnerabilities. Affected by 76 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 102 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-ehzg-bzrd-kbcc
Aliases: 2018-12-11-7 |
Uncontrolled Resource Consumption Denial of Service in Frontend Record Registration. |
Affected by 0 other vulnerabilities. Affected by 59 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 114 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-mnz3-rj21-67ad
Aliases: CVE-2022-36105 GHSA-m392-235j-9r7r |
TYPO3 CMS vulnerable to User Enumeration via Response Timing > ### Meta > * CVSS: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C` (4.9) ### Problem It has been discovered that observing response time during user authentication (backend and frontend) can be used to distinguish between existing and non-existing user accounts. Extension authors of 3rd party TYPO3 extensions providing a custom authentication service should check if the extension is affected by the described problem. Affected extensions must implement new `MimicServiceInterface::mimicAuthUser`, which simulates corresponding times regular processing would usually take. ### Solution Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix the problem described above. ### Credits Thanks to Vautia who reported this issue and to TYPO3 core & security team members Oliver Hader who fixed the issue. ### References * [TYPO3-CORE-SA-2022-007](https://typo3.org/security/advisory/typo3-core-sa-2022-007) * [Vulnerability Report on huntr.dev](https://huntr.dev/bounties/7d519735-2877-4fad-bd77-accde3e290a7/) (embargoed +30 days) |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 22 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 22 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-n15v-ta9h-6ffb
Aliases: CVE-2021-32767 GHSA-34fr-fhqr-7235 |
Inclusion of Sensitive Information in Log Files TYPO3 is an open source PHP based web content management system. User credentials may been logged as plain-text. This occurs when explicitly using log level debug, which is not the default configuration. TYPO3 contain a patch for this vulnerability. |
Affected by 1 other vulnerability.
This version is affected by these other vulnerabilities:
Affected by 1 other vulnerability.
This version is affected by these other vulnerabilities:
Affected by 30 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 34 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 36 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-n1cb-8py6-bbhu
Aliases: GHSA-ppvg-hw62-6ph9 |
TYPO3 Security Misconfiguration in Install Tool Cookie It has been discovered that cookies created in the Install Tool are not hardened to be submitted only via HTTP. In combination with other vulnerabilities such as cross-site scripting it can lead to hijacking an active and valid session in the Install Tool. |
Affected by 0 other vulnerabilities. Affected by 59 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 88 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-n78p-x7hh-gqcf
Aliases: 2018-12-11-5 |
Information Disclosure in Install Tool. |
Affected by 0 other vulnerabilities. Affected by 59 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 88 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-rdrs-mhaw-b3ge
Aliases: 2018-12-11-3 |
Cross-site Scripting Cross-Site Scripting in Frontend User Login. |
Affected by 0 other vulnerabilities. Affected by 59 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 88 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-re9h-ze98-rbhu
Aliases: CVE-2020-8091 GHSA-qvhv-pwww-53jj |
Typo3 Cross-Site Scripting in Flash component (ELTS) TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 included a vulnerable external component, which could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. |
Affected by 84 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-s55j-8hbt-akhn
Aliases: CVE-2022-31046 GHSA-8gmv-9hwg-w89g |
Information Disclosure via Export Module > ### Meta > * CVSS: `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C` (4.0) ### Problem The export functionality fails to limit the result set to allowed columns of a particular database table. This allows authenticated users to export internal details of database tables to which they already have access. ### Solution Update to TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.35 ELTS, 10.4.29, 11.5.11 that fix the problem described above. In order to address this issue, access to mentioned export functionality is completely denied for regular backend users. ℹ️ **Strong security defaults - Manual actions required** Following User TSconfig setting would allow using the export functionality for particular users: ``` options.impexp.enableExportForNonAdminUser = 1 ``` ### Credits Thanks to TYPO3 core merger Lina Wolf who reported this issue and to TYPO3 security member Torben Hansen who fixed the issue. ### References * [TYPO3-CORE-SA-2022-001](https://typo3.org/security/advisory/typo3-core-sa-2022-001) |
Affected by 3 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 3 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 0 other vulnerabilities. Affected by 28 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 29 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-sr3p-pdxy-4yhu
Aliases: 2018-07-12-2 |
Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS. |
Affected by 0 other vulnerabilities. Affected by 76 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 102 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-t3jn-vwbx-u7cr
Aliases: CVE-2021-21370 GHSA-x7hc-x7fm-f7qh |
Cross-Site Scripting in Content Preview (CType menu) ### Problem It has been discovered that content elements of type _menu_ are vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid backend user account is needed to exploit this vulnerability. ### Solution Update to TYPO3 versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 that fix the problem described. ### Credits Thanks to TYPO3 contributor Oliver Bartsch who reported and fixed the issue. ### References * [TYPO3-CORE-SA-2021-008](https://typo3.org/security/advisory/typo3-core-sa-2021-008) |
Affected by 1 other vulnerability.
This version is affected by these other vulnerabilities:
Affected by 3 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 32 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 38 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 39 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-tw1y-t4qj-j3d1
Aliases: 2018-12-11-2 |
Cross-site Scripting Cross-Site Scripting in Backend Modal Component. |
Affected by 0 other vulnerabilities. Affected by 59 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 88 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-y32z-2d3f-gkgw
Aliases: CVE-2021-32768 GHSA-c5c9-8c6m-727v |
Cross-site Scripting TYPO3 is vulnerable to cross-site scripting. Corresponding rendering instructions via TypoScript functionality HTMLparser does not consider all potentially malicious HTML tag & attribute combinations per default. In default scenarios, a valid backend user account is needed to exploit this vulnerability. In case custom plugins used in the website frontend accept and reflect rich-text content submitted by users, no authentication is required. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 27 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 33 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 35 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-zspb-bd6j-wyd2
Aliases: 2018-12-11-4 |
Security Misconfiguration in Install Tool Cookie. |
Affected by 0 other vulnerabilities. Affected by 59 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 88 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||