Package details: pkg:composer/typo3/cms@8.0.1
purl pkg:composer/typo3/cms@8.0.1
Next non-vulnerable version 8.1.1
Latest non-vulnerable version 12.2.0
Risk
Vulnerabilities affecting this package (1)
| Vulnerability | Summary | Fixed by |
| --- | --- | --- |
| VCID-1d1x-7vx6-zbfw (Aliases: CVE-2017-14251, GHSA-fh4q-hxrw-cjqq) | TYPO3 Arbitrary Code Execution: Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code. | 8.7.5 (Affected by 0 other vulnerabilities.) |
Vulnerabilities fixed by this package (6)
| Vulnerability | Summary | Aliases |
| --- | --- | --- |
| VCID-3yjx-zkmc-zkau | Improper Privilege Management: Privilege Escalation in TYPO3 CMS. | 2016-04-12-4 |
| VCID-8jv7-9a74-q3ee | Cross-site Scripting: Cross-Site Scripting in TYPO3 Backend. | 2016-04-12-1 |
| VCID-k8yx-gezq-7fd6 | Authentication Bypass in TYPO3 CMS: The default authentication service fails to invalidate empty strings as passwords. It is therefore possible to authenticate backend and frontend users that have no password set in the database. Note: TYPO3 does not allow creating user accounts without a password. Your TYPO3 installation might only be affected if a third-party component creates user accounts without a password by directly manipulating the database. | GHSA-6xh8-8pfv-53vx |
| VCID-vujd-b56y-8kfk | Privilege Escalation in TYPO3 CMS: The workspace/version preview link created by a privileged (backend) user could be abused to obtain certain editing permission, if the admin panel is configured to be shown. A valid preview link is required to exploit this vulnerability. | GHSA-v5jp-4h2p-j2p4 |
| VCID-x5wu-b995-xkcm | Improper Authentication: Authentication Bypass in TYPO3 CMS. | 2016-04-12-3 |
| VCID-zu53-dnd1-h3gu | Cross-Site Scripting in TYPO3 Backend: Because user input is not properly encoded, some backend components are vulnerable to Cross-Site Scripting. A valid backend user account is needed to exploit this vulnerability. | GHSA-5wx6-xwxf-q8qj |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
| --- | --- | --- | --- | --- | --- |
| 2025-07-01T18:10:30.734667+00:00 | GitLab Importer | Affected by | VCID-1d1x-7vx6-zbfw | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2017-14251.yml | 36.1.3 |
| 2025-07-01T18:10:11.560139+00:00 | GitLab Importer | Fixing | VCID-8jv7-9a74-q3ee | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2016-04-12-1.yml | 36.1.3 |
| 2025-07-01T18:10:11.451137+00:00 | GitLab Importer | Fixing | VCID-3yjx-zkmc-zkau | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2016-04-12-4.yml | 36.1.3 |
| 2025-07-01T18:10:11.241929+00:00 | GitLab Importer | Fixing | VCID-x5wu-b995-xkcm | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2016-04-12-3.yml | 36.1.3 |
| 2025-07-01T14:35:05.372858+00:00 | GHSA Importer | Fixing | VCID-vujd-b56y-8kfk | https://github.com/advisories/GHSA-v5jp-4h2p-j2p4 | 36.1.3 |
| 2025-07-01T14:35:05.342256+00:00 | GHSA Importer | Fixing | VCID-zu53-dnd1-h3gu | https://github.com/advisories/GHSA-5wx6-xwxf-q8qj | 36.1.3 |
| 2025-07-01T14:35:05.260094+00:00 | GHSA Importer | Fixing | VCID-k8yx-gezq-7fd6 | https://github.com/advisories/GHSA-6xh8-8pfv-53vx | 36.1.3 |
| 2025-07-01T12:11:14.248988+00:00 | GithubOSV Importer | Fixing | VCID-k8yx-gezq-7fd6 | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-6xh8-8pfv-53vx/GHSA-6xh8-8pfv-53vx.json | 36.1.3 |
| 2025-07-01T12:11:08.733714+00:00 | GithubOSV Importer | Fixing | VCID-vujd-b56y-8kfk | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-v5jp-4h2p-j2p4/GHSA-v5jp-4h2p-j2p4.json | 36.1.3 |
| 2025-07-01T12:11:01.884100+00:00 | GithubOSV Importer | Fixing | VCID-zu53-dnd1-h3gu | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-5wx6-xwxf-q8qj/GHSA-5wx6-xwxf-q8qj.json | 36.1.3 |