Search for packages
Package details: pkg:composer/typo3/cms@8.5.1
purl pkg:composer/typo3/cms@8.5.1
Next non-vulnerable version 8.7.5
Latest non-vulnerable version 12.2.0
Risk
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-1d1x-7vx6-zbfw
Aliases:
CVE-2017-14251
GHSA-fh4q-hxrw-cjqq
TYPO3 Arbitrary Code Execution Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code.
8.7.5
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-2m7w-zfua-u7b9 TYPO3 Remote Code Execution in third party library swiftmailer TYPO3 uses the package swiftmailer/swiftmailer for mail actions. This package is known to be vulnerable to Remote Code Execution. GHSA-g4pf-3jvq-2gcw

Date Actor Action Vulnerability Source VulnerableCode Version
2025-07-01T18:10:30.754490+00:00 GitLab Importer Affected by VCID-1d1x-7vx6-zbfw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2017-14251.yml 36.1.3
2025-07-01T14:35:05.846764+00:00 GHSA Importer Fixing VCID-2m7w-zfua-u7b9 https://github.com/advisories/GHSA-g4pf-3jvq-2gcw 36.1.3
2025-07-01T12:10:58.180572+00:00 GithubOSV Importer Fixing VCID-2m7w-zfua-u7b9 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-g4pf-3jvq-2gcw/GHSA-g4pf-3jvq-2gcw.json 36.1.3