| Affected_by_vulnerabilities |
| 0 |
| url |
VCID-4hp8-5qeb-wyam |
| vulnerability_id |
VCID-4hp8-5qeb-wyam |
| summary |
TYPO3 is an open source, PHP based web content management system. Starting in version 9.0.0 and prior to versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, the backend user management interface allows password changes without requiring the current password. When an administrator updates their own account or modifies other user accounts via the admin interface, the current password is not requested for verification. This behavior may lower the protection against unauthorized access in scenarios where an admin session is hijacked or left unattended, as it enables password changes without additional authentication. Users should update to TYPO3 version 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, or 13.4.12 LTS to fix the problem. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2025-47938, GHSA-3jrg-97f3-rqh9
|
| risk_score |
1.7 |
| exploitability |
0.5 |
| weighted_severity |
3.4 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4hp8-5qeb-wyam |
|
| 1 |
| url |
VCID-9f74-pxxq-3qea |
| vulnerability_id |
VCID-9f74-pxxq-3qea |
| summary |
TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, failing to properly encode user-controlled values in file entities, the `ShowImageController` (`_eID tx_cms_showpic_`) is vulnerable to cross-site scripting. Exploiting this vulnerability requires a valid backend user account with access to file entities. TYPO3 versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, 13.1.1 fix the problem described. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2024-34357, GHSA-hw6c-6gwq-3m3m
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9f74-pxxq-3qea |
|
| 2 |
| url |
VCID-9fu7-2brx-j3az |
| vulnerability_id |
VCID-9fu7-2brx-j3az |
| summary |
TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, the `ShowImageController` (`_eID tx_cms_showpic_`) lacks a cryptographic HMAC-signature on the `frame` HTTP query parameter (e.g. `/index.php?eID=tx_cms_showpic?file=3&...&frame=12345`). This allows adversaries to instruct the system to produce an arbitrary number of thumbnail images on the server side. TYPO3 versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, 13.1.1 fix the problem described. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2024-34358, GHSA-36g8-62qv-5957
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9fu7-2brx-j3az |
|
| 3 |
| url |
VCID-9mh5-8n3y-93c8 |
| vulnerability_id |
VCID-9mh5-8n3y-93c8 |
| summary |
TYPO3 is an open source, PHP based web content management system. Starting in version 9.0.0 and prior to versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, when performing a database query involving multiple tables through the database abstraction layer (DBAL), frontend user permissions are only applied via `FrontendGroupRestriction` to the first table. As a result, data from additional tables included in the same query may be unintentionally exposed to unauthorized users. Users should update to TYPO3 version 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, or 13.4.12 LTS to fix the problem. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2025-47937, GHSA-x8pv-fgxp-8v3x
|
| risk_score |
1.6 |
| exploitability |
0.5 |
| weighted_severity |
3.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9mh5-8n3y-93c8 |
|
| 4 |
| url |
VCID-arjb-mbgt-97dh |
| vulnerability_id |
VCID-arjb-mbgt-97dh |
| summary |
TYPO3 is an open source, PHP based web content management system. Starting in version 10.0.0 and prior to versions 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, administrator-level backend users without system maintainer privileges can escalate their privileges and gain system maintainer access. Exploiting this vulnerability requires a valid administrator account. Users should update to TYPO3 version 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, or 13.4.12 LTS to fix the problem. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2025-47940, GHSA-6frx-j292-c844
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-arjb-mbgt-97dh |
|
| 5 |
| url |
VCID-g6wm-gjsy-7fdt |
| vulnerability_id |
VCID-g6wm-gjsy-7fdt |
| summary |
TYPO3 is an open source PHP based web content management system released under the GNU GPL. The TYPO3-specific `t3://` URI scheme could be used to access resources outside of the users' permission scope. This encompassed files, folders, pages, and records (although only if a valid link-handling configuration was provided). Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this issue. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2024-25120, GHSA-wf85-8hx9-gj7c
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-g6wm-gjsy-7fdt |
|
| 6 |
| url |
VCID-qnk5-9jfz-5bhh |
| vulnerability_id |
VCID-qnk5-9jfz-5bhh |
| summary |
TYPO3 is a free and open source Content Management Framework. Applications that use `TYPO3\CMS\Core\Http\Uri` to parse externally provided URLs (e.g., via a query parameter) and validate the host of the parsed URL may be vulnerable to open redirect or SSRF attacks if the URL is used after passing the validation checks. Users are advised to update to TYPO3 versions 9.5.49 ELTS, 10.4.48 ELTS, 11.5.42 LTS, 12.4.25 LTS, 13.4.3 which fix the problem described. There are no known workarounds for this vulnerability. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2024-55892, GHSA-2fx5-pggv-6jjr
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qnk5-9jfz-5bhh |
|
| 7 |
| url |
VCID-rxu6-ccns-m3fk |
| vulnerability_id |
VCID-rxu6-ccns-m3fk |
| summary |
TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, the form manager backend module is vulnerable to cross-site scripting. Exploiting this vulnerability requires a valid backend user account with access to the form module. TYPO3 versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1 fix the problem described. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2024-34356, GHSA-v6mw-h7w6-59w3
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rxu6-ccns-m3fk |
|
| 8 |
| url |
VCID-sq7n-ehxa-rbb9 |
| vulnerability_id |
VCID-sq7n-ehxa-rbb9 |
| summary |
TYPO3 is an open source PHP based web content management system released under the GNU GPL. Password hashes were being reflected in the editing forms of the TYPO3 backend user interface. This allowed attackers to crack the plaintext password using brute force techniques. Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this issue. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2024-25118, GHSA-38r2-5695-334w
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sq7n-ehxa-rbb9 |
|
| 9 |
| url |
VCID-u1bz-wj83-nbbt |
| vulnerability_id |
VCID-u1bz-wj83-nbbt |
| summary |
TYPO3 is an open source, PHP based web content management system. By design, the file management module in TYPO3’s backend user interface has historically allowed the upload of any file type, with the exception of those that are directly executable in a web server context. This lack of restriction means it is possible to upload files that may be considered potentially harmful, such as executable binaries (e.g., `.exe` files), or files with inconsistent file extensions and MIME types (for example, a file incorrectly named with a `.png` extension but actually carrying the MIME type `application/zip`) starting in version 9.0.0 and prior to versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS. Although such files are not directly executable through the web server, their presence can introduce indirect risks. For example, third-party services such as antivirus scanners or malware detection systems might flag or block access to the website for end users if suspicious files are found. This could negatively affect the availability or reputation of the site. Users should update to TYPO3 version 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, or 13.4.12 LTS to fix the problem. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2025-47939, GHSA-9hq9-cr36-4wpj
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-u1bz-wj83-nbbt |
|
| 10 |
| url |
VCID-vc1g-tqkt-w7gt |
| vulnerability_id |
VCID-vc1g-tqkt-w7gt |
| summary |
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions of TYPO3 entities of the File Abstraction Layer (FAL) could be persisted directly via `DataHandler`. This allowed attackers to reference files in the fallback storage directly and retrieve their file names and contents. The fallback storage ("zero-storage") is used as a backward compatibility layer for files located outside properly configured file storages and within the public web root directory. Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 version 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, or 13.0.1 which fix the problem described. When persisting entities of the File Abstraction Layer directly via DataHandler, `sys_file` entities are now denied by default, and `sys_file_reference` & `sys_file_metadata` entities are not permitted to reference files in the fallback storage anymore. When importing data from secure origins, this must be explicitly enabled in the corresponding DataHandler instance by using `$dataHandler->isImporting = true;`. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2024-25121, GHSA-rj3x-wvc6-5j66
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vc1g-tqkt-w7gt |
|
| 11 |
| url |
VCID-ve54-aaqx-xkck |
| vulnerability_id |
VCID-ve54-aaqx-xkck |
| summary |
TYPO3 before 13.0.1 allows an authenticated admin user (with system maintainer privileges) to execute arbitrary shell commands (with the privileges of the web server) via a command injection vulnerability in form fields of the Install Tool. The fixed versions are 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, and 13.0.1. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/TYPO3/typo3 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.2 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/TYPO3/typo3 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-22188, GHSA-5w2h-59j3-8x5w
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ve54-aaqx-xkck |
|
| 12 |
| url |
VCID-wutq-k9ph-zyab |
| vulnerability_id |
VCID-wutq-k9ph-zyab |
| summary |
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In typo3 installations there are always at least two different sites. Eg. first.example.org and second.example.com. In affected versions a session cookie generated for the first site can be reused on the second site without requiring additional authentication. This vulnerability has been addressed in versions 8.7.55, 9.5.44, 10.4.41, 11.5.33, and 12.4.8. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:composer/typo3/cms-core@12.4.8 |
| purl |
pkg:composer/typo3/cms-core@12.4.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4hp8-5qeb-wyam |
|
| 1 |
| vulnerability |
VCID-9f74-pxxq-3qea |
|
| 2 |
| vulnerability |
VCID-9fu7-2brx-j3az |
|
| 3 |
| vulnerability |
VCID-9mh5-8n3y-93c8 |
|
| 4 |
| vulnerability |
VCID-ant9-spg8-1ug5 |
|
| 5 |
| vulnerability |
VCID-arjb-mbgt-97dh |
|
| 6 |
| vulnerability |
VCID-g6wm-gjsy-7fdt |
|
| 7 |
| vulnerability |
VCID-qnk5-9jfz-5bhh |
|
| 8 |
| vulnerability |
VCID-rxu6-ccns-m3fk |
|
| 9 |
| vulnerability |
VCID-sq7n-ehxa-rbb9 |
|
| 10 |
| vulnerability |
VCID-u1bz-wj83-nbbt |
|
| 11 |
| vulnerability |
VCID-vc1g-tqkt-w7gt |
|
| 12 |
| vulnerability |
VCID-ve54-aaqx-xkck |
|
| 13 |
| vulnerability |
VCID-x2ne-qxnz-rkem |
|
| 14 |
| vulnerability |
VCID-xbzy-s3xw-y7ey |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.4.8 |
|
|
| aliases |
CVE-2023-47127, GHSA-3vmm-7h4j-69rm
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wutq-k9ph-zyab |
|
| 13 |
| url |
VCID-x2ne-qxnz-rkem |
| vulnerability_id |
VCID-x2ne-qxnz-rkem |
| summary |
TYPO3's mail‑file spool deserialization flaw lets local users with write access to the spool directory craft a malicious file that is deserialized during the mailer:spool:send command, enabling arbitrary PHP code execution on the web server. This issue affects TYPO3 CMS versions 10.0.0-10.4.54, 11.0.0-11.5.48, 12.0.0-12.4.40, 13.0.0-13.4.22 and 14.0.0-14.0.1. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-0859, GHSA-7vp9-x248-9vr9
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-x2ne-qxnz-rkem |
|
| 14 |
| url |
VCID-xbzy-s3xw-y7ey |
| vulnerability_id |
VCID-xbzy-s3xw-y7ey |
| summary |
TYPO3 is an open source PHP based web content management system released under the GNU GPL. The plaintext value of `$GLOBALS['SYS']['encryptionKey']` was displayed in the editing forms of the TYPO3 Install Tool user interface. This allowed attackers to utilize the value to generate cryptographic hashes used for verifying the authenticity of HTTP request parameters. Exploiting this vulnerability requires an administrator-level backend user account with system maintainer permissions. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this vulnerability. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2024-25119, GHSA-h47m-3f78-qp9g
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xbzy-s3xw-y7ey |
|
|
|---|