VulnerableCode Package Details - pkg:composer/typo3/cms@4.3.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-5arh-exf5-zub1 Aliases: CVE-2010-5103 GHSA-r2w2-2r2x-fpcx	TYPO3 SQL Injection vulnerability SQL injection vulnerability in the list module in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via unspecified vectors.	4.3.9 Affected by 0 other vulnerabilities. 4.4.5 Affected by 0 other vulnerabilities.
VCID-enht-zcrt-mbe6 Aliases: CVE-2010-5099 GHSA-66j3-66cp-6c2m	TYPO3 Path Traversal vulnerability The fileDenyPattern functionality in the PHP file inclusion protection API in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly filter file types, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files, as demonstrated using path traversal sequences with %00 null bytes and CVE-2010-3714 to read the TYPO3 encryption key from localconf.php.	4.3.9 Affected by 0 other vulnerabilities. 4.4.5 Affected by 0 other vulnerabilities.
VCID-jbu9-bp56-rkgw Aliases: CVE-2010-3714 GHSA-w736-qv86-vq94	TYPO3 Remote File Disclosure vulnerability in the jumpUrl mechanism The jumpUrl (aka access tracking) implementation in `tslib/class.tslib_fe.php` in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly compare certain hash values during access-control decisions, which allows remote attackers to read arbitrary files via unspecified vectors.	4.3.7 Affected by 0 other vulnerabilities. 4.4.4 Affected by 0 other vulnerabilities.
VCID-k6fn-pcqn-byhu Aliases: CVE-2010-5101 GHSA-rmqc-wfjm-3f66	TYPO3 Directory Traversal vulnerability Directory traversal vulnerability in the TypoScript setup in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated administrators to read arbitrary files via unspecified vectors related to the "file inclusion functionality."	4.3.9 Affected by 0 other vulnerabilities. 4.4.5 Affected by 0 other vulnerabilities.
VCID-p8an-crb2-2qc3 Aliases: CVE-2010-1153 GHSA-4h9j-f98m-p4hg	TYPO3 PHP remote file inclusion vulnerability PHP remote file inclusion vulnerability in the autoloader in TYPO3 4.3.x before 4.3.3 allows remote attackers to execute arbitrary PHP code via a URL in an input field associated with the className variable.	4.3.3 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-5arh-exf5-zub1
Aliases:
CVE-2010-5103
GHSA-r2w2-2r2x-fpcx

TYPO3 SQL Injection vulnerability SQL injection vulnerability in the list module in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via unspecified vectors.

4.3.9
Affected by 0 other vulnerabilities.

4.4.5
Affected by 0 other vulnerabilities.

VCID-enht-zcrt-mbe6
Aliases:
CVE-2010-5099
GHSA-66j3-66cp-6c2m

TYPO3 Path Traversal vulnerability The fileDenyPattern functionality in the PHP file inclusion protection API in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly filter file types, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files, as demonstrated using path traversal sequences with %00 null bytes and CVE-2010-3714 to read the TYPO3 encryption key from localconf.php.

4.3.9
Affected by 0 other vulnerabilities.

4.4.5
Affected by 0 other vulnerabilities.

VCID-jbu9-bp56-rkgw
Aliases:
CVE-2010-3714
GHSA-w736-qv86-vq94

TYPO3 Remote File Disclosure vulnerability in the jumpUrl mechanism The jumpUrl (aka access tracking) implementation in `tslib/class.tslib_fe.php` in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly compare certain hash values during access-control decisions, which allows remote attackers to read arbitrary files via unspecified vectors.

4.3.7
Affected by 0 other vulnerabilities.

4.4.4
Affected by 0 other vulnerabilities.

VCID-k6fn-pcqn-byhu
Aliases:
CVE-2010-5101
GHSA-rmqc-wfjm-3f66

TYPO3 Directory Traversal vulnerability Directory traversal vulnerability in the TypoScript setup in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated administrators to read arbitrary files via unspecified vectors related to the "file inclusion functionality."

4.3.9
Affected by 0 other vulnerabilities.

4.4.5
Affected by 0 other vulnerabilities.

VCID-p8an-crb2-2qc3
Aliases:
CVE-2010-1153
GHSA-4h9j-f98m-p4hg

TYPO3 PHP remote file inclusion vulnerability PHP remote file inclusion vulnerability in the autoloader in TYPO3 4.3.x before 4.3.3 allows remote attackers to execute arbitrary PHP code via a URL in an input field associated with the className variable.

4.3.3
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-04T14:31:50.932147+00:00	GHSA Importer	Affected by	VCID-jbu9-bp56-rkgw	https://github.com/advisories/GHSA-w736-qv86-vq94	38.1.0
2026-04-04T14:31:15.781654+00:00	GHSA Importer	Affected by	VCID-enht-zcrt-mbe6	https://github.com/advisories/GHSA-66j3-66cp-6c2m	38.1.0
2026-04-04T14:31:15.674921+00:00	GHSA Importer	Affected by	VCID-k6fn-pcqn-byhu	https://github.com/advisories/GHSA-rmqc-wfjm-3f66	38.1.0
2026-04-04T14:31:15.456868+00:00	GHSA Importer	Affected by	VCID-5arh-exf5-zub1	https://github.com/advisories/GHSA-r2w2-2r2x-fpcx	38.1.0
2026-04-03T21:25:56.426364+00:00	GitLab Importer	Affected by	VCID-jbu9-bp56-rkgw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2010-3714.yml	38.1.0
2026-04-03T21:25:53.168485+00:00	GitLab Importer	Affected by	VCID-5arh-exf5-zub1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2010-5103.yml	38.1.0
2026-04-03T21:25:48.535214+00:00	GitLab Importer	Affected by	VCID-k6fn-pcqn-byhu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2010-5101.yml	38.1.0
2026-04-01T16:00:41.455210+00:00	GHSA Importer	Affected by	VCID-p8an-crb2-2qc3	https://github.com/advisories/GHSA-4h9j-f98m-p4hg	38.0.0
2026-04-01T12:50:44.137875+00:00	GitLab Importer	Affected by	VCID-enht-zcrt-mbe6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2010-5099.yml	38.0.0
2026-04-01T12:50:00.730433+00:00	GitLab Importer	Affected by	VCID-p8an-crb2-2qc3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2010-1153.yml	38.0.0