Search for packages
Package details: pkg:composer/typo3/cms@8.4.1
purl pkg:composer/typo3/cms@8.4.1
Next non-vulnerable version 8.7.5
Latest non-vulnerable version 12.2.0
Risk
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-1d1x-7vx6-zbfw
Aliases:
CVE-2017-14251
GHSA-fh4q-hxrw-cjqq
TYPO3 Arbitrary Code Execution Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code.
8.7.5
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (6)
Vulnerability Summary Aliases
VCID-5m4k-jd3r-abaf Path Traversal in TYPO3 Core Due to a too loose type check in an API method, attackers could bypass the directory traversal check by providing an invalid UTF-8 encoding sequence. GHSA-gj48-w74w-8gvm
GMS-2024-342
VCID-8fkz-6kqu-gqbk Path Traversal Due to a too loose type check in an API method, attackers could bypass the directory traversal check by providing an invalid UTF-8 encoding sequence. TYPO3-CORE-SA-2016-024
VCID-cnqq-fdxb-9uat Insecure Unserialize in TYPO3 Backend Failing to properly validate incoming data, the suggest wizard is susceptible to insecure unserialize. To exploit this vulnerability a valid backend user account is needed. GHSA-c7rj-92xr-wprg
VCID-e5ns-2x1v-sbaj Insecure Unserialize in TYPO3 Backend Failing to properly validate incoming data, the suggest wizard is susceptible to insecure unserialize. To exploit this vulnerability a valid backend user account is needed. TYPO3-CORE-SA-2016-023
VCID-heyp-4b45-v7gp Insecure Deserialization Insecure Unserialize in TYPO3 Backend. 2016-11-22-1
VCID-y15u-f9e9-akff Path Traversal in TYPO3 Core. 2016-11-22-2

Date Actor Action Vulnerability Source VulnerableCode Version
2025-07-01T18:15:34.248203+00:00 GitLab Importer Fixing VCID-5m4k-jd3r-abaf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-gj48-w74w-8gvm.yml 36.1.3
2025-07-01T18:15:34.170931+00:00 GitLab Importer Fixing VCID-5m4k-jd3r-abaf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GMS-2024-342.yml 36.1.3
2025-07-01T18:10:30.750869+00:00 GitLab Importer Affected by VCID-1d1x-7vx6-zbfw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2017-14251.yml 36.1.3
2025-07-01T18:10:16.841389+00:00 GitLab Importer Fixing VCID-heyp-4b45-v7gp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2016-11-22-1.yml 36.1.3
2025-07-01T18:10:16.809194+00:00 GitLab Importer Fixing VCID-y15u-f9e9-akff https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2016-11-22-2.yml 36.1.3
2025-07-01T18:10:16.777508+00:00 GitLab Importer Fixing VCID-8fkz-6kqu-gqbk https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/TYPO3-CORE-SA-2016-024.yml 36.1.3
2025-07-01T18:10:16.745160+00:00 GitLab Importer Fixing VCID-e5ns-2x1v-sbaj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/TYPO3-CORE-SA-2016-023.yml 36.1.3
2025-07-01T14:35:06.223150+00:00 GHSA Importer Fixing VCID-cnqq-fdxb-9uat https://github.com/advisories/GHSA-c7rj-92xr-wprg 36.1.3
2025-07-01T14:34:24.860249+00:00 GHSA Importer Fixing VCID-5m4k-jd3r-abaf https://github.com/advisories/GHSA-gj48-w74w-8gvm 36.1.3
2025-07-01T12:11:02.604398+00:00 GithubOSV Importer Fixing VCID-cnqq-fdxb-9uat https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-c7rj-92xr-wprg/GHSA-c7rj-92xr-wprg.json 36.1.3
2025-07-01T12:10:01.105806+00:00 GithubOSV Importer Fixing VCID-5m4k-jd3r-abaf https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-gj48-w74w-8gvm/GHSA-gj48-w74w-8gvm.json 36.1.3