VulnerableCode Package Details - pkg:composer/typo3/cms-core@8.7.54

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:composer/typo3/cms-core@8.7.54

Essentials
History (2)

purl	pkg:composer/typo3/cms-core@8.7.54
Tags	Ghost

Next non-vulnerable version	12.4.41
Latest non-vulnerable version	14.0.2
Risk	3.1

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-h6y3-7gsq-skh2 Aliases: CVE-2023-47127 GHSA-3vmm-7h4j-69rm	TYPO3 vulnerable to Weak Authentication in Session Handling TYPO3 is an open source PHP based web content management system released under the GNU GPL. In typo3 installations there are always at least two different sites. Eg. first.example.org and second.example.com. In affected versions a session cookie generated for the first site can be reused on the second site without requiring additional authentication. This vulnerability has been addressed in versions 8.7.55, 9.5.44, 10.4.41, 11.5.33, and 12.4.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.	8.7.55 Affected by 0 other vulnerabilities. 9.5.44 Affected by 0 other vulnerabilities. 10.4.41 Affected by 0 other vulnerabilities. 11.5.33 Affected by 14 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 12.4.8 Affected by 15 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-h6y3-7gsq-skh2
Aliases:
CVE-2023-47127
GHSA-3vmm-7h4j-69rm

TYPO3 vulnerable to Weak Authentication in Session Handling TYPO3 is an open source PHP based web content management system released under the GNU GPL. In typo3 installations there are always at least two different sites. Eg. first.example.org and second.example.com. In affected versions a session cookie generated for the first site can be reused on the second site without requiring additional authentication. This vulnerability has been addressed in versions 8.7.55, 9.5.44, 10.4.41, 11.5.33, and 12.4.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.

8.7.55
Affected by 0 other vulnerabilities.

9.5.44
Affected by 0 other vulnerabilities.

10.4.41
Affected by 0 other vulnerabilities.

11.5.33
Affected by 14 other vulnerabilities.

12.4.8
Affected by 15 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-02T17:00:41.183236+00:00	GHSA Importer	Affected by	VCID-h6y3-7gsq-skh2	https://github.com/advisories/GHSA-3vmm-7h4j-69rm	38.1.0
2026-04-01T12:52:06.711985+00:00	GitLab Importer	Affected by	VCID-h6y3-7gsq-skh2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2023-47127.yml	38.0.0