Package details: pkg:composer/typo3/cms@8.6.1
purl pkg:composer/typo3/cms@8.6.1
Next non-vulnerable version 8.7.5
Latest non-vulnerable version 12.2.0
Risk
Vulnerabilities affecting this package (1)

| Vulnerability | Summary | Fixed by |
| --- | --- | --- |
| VCID-1d1x-7vx6-zbfw (Aliases: CVE-2017-14251, GHSA-fh4q-hxrw-cjqq) | TYPO3 Arbitrary Code Execution: Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code. | 8.7.5 (Affected by 0 other vulnerabilities.) |

Vulnerabilities fixed by this package (6)

| Vulnerability | Summary | Aliases |
| --- | --- | --- |
| VCID-2pbg-f35b-jyaa | Improper Authentication: Authentication Bypass in TYPO3 Frontend. | 2017-02-28-1 |
| VCID-7yrw-wj9m-hkd4 | Cross-site Scripting: XSS in TYPO3 CMS. | 2017-02-28-2 |
| VCID-a6c5-ytdy-3qh4 | Cross-Site Scripting in TYPO3 CMS: Failing to properly encode user input, several places of the TYPO3 CMS are vulnerable to Cross-Site Scripting. | GHSA-5gr6-97fv-52cc |
| VCID-hwcz-r4cu-9fba | XSS Vulnerability: TYPO3 is vulnerable to Cross-Site Scripting. | TYPO3-CORE-SA-2017-003 |
| VCID-uzut-7219-xkc1 | Authentication Bypass: Due to late TCA initialization the authentication service fails to restrict frontend users according to the validation rules. Therefore it is possible to authenticate restricted (e.g. disabled) frontend users. | TYPO3-CORE-SA-2017-002 |
| VCID-y74r-7jjs-nfbd | Authentication Bypass in TYPO3 Frontend: Due to late TCA initialization the authentication service fails to restrict frontend users according to the validation rules. Therefore it is possible to authenticate restricted (e.g. disabled) frontend users. | GHSA-mh3r-6cp5-hc2j |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
| --- | --- | --- | --- | --- | --- |
| 2025-07-01T18:10:30.758547+00:00 | GitLab Importer | Affected by | VCID-1d1x-7vx6-zbfw | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2017-14251.yml | 36.1.3 |
| 2025-07-01T18:10:21.612332+00:00 | GitLab Importer | Fixing | VCID-hwcz-r4cu-9fba | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/TYPO3-CORE-SA-2017-003.yml | 36.1.3 |
| 2025-07-01T18:10:21.590222+00:00 | GitLab Importer | Fixing | VCID-uzut-7219-xkc1 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/TYPO3-CORE-SA-2017-002.yml | 36.1.3 |
| 2025-07-01T18:10:21.543032+00:00 | GitLab Importer | Fixing | VCID-7yrw-wj9m-hkd4 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2017-02-28-2.yml | 36.1.3 |
| 2025-07-01T18:10:21.520769+00:00 | GitLab Importer | Fixing | VCID-2pbg-f35b-jyaa | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2017-02-28-1.yml | 36.1.3 |
| 2025-07-01T14:35:06.266487+00:00 | GHSA Importer | Fixing | VCID-a6c5-ytdy-3qh4 | https://github.com/advisories/GHSA-5gr6-97fv-52cc | 36.1.3 |
| 2025-07-01T14:35:06.141094+00:00 | GHSA Importer | Fixing | VCID-y74r-7jjs-nfbd | https://github.com/advisories/GHSA-mh3r-6cp5-hc2j | 36.1.3 |
| 2025-07-01T12:11:11.268436+00:00 | GithubOSV Importer | Fixing | VCID-y74r-7jjs-nfbd | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-mh3r-6cp5-hc2j/GHSA-mh3r-6cp5-hc2j.json | 36.1.3 |
| 2025-07-01T12:11:07.182537+00:00 | GithubOSV Importer | Fixing | VCID-a6c5-ytdy-3qh4 | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-5gr6-97fv-52cc/GHSA-5gr6-97fv-52cc.json | 36.1.3 |