Search for packages
Package details: pkg:composer/typo3/cms@8.7.0
purl pkg:composer/typo3/cms@8.7.0
Next non-vulnerable version 8.7.5
Latest non-vulnerable version 12.2.0
Risk
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-1d1x-7vx6-zbfw
Aliases:
CVE-2017-14251
GHSA-fh4q-hxrw-cjqq
TYPO3 Arbitrary Code Execution Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code.
8.7.5
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (4)
Vulnerability Summary Aliases
VCID-58sc-bkhd-7ud1 Code Injection Arbitrary Code Execution in TYPO3 CMS. 2017-09-05-4
VCID-ct1e-wck2-6qbj Cross-site Scripting XSS in TYPO3 CMS Backend. 2017-09-05-1
VCID-scue-m12x-nkf4 Information Disclosure in TYPO3 CMS. 2017-09-05-3
VCID-vftm-uyy7-63fb Information Disclosure in TYPO3 CMS. 2017-09-05-2

Date Actor Action Vulnerability Source VulnerableCode Version
2025-07-01T18:10:30.760348+00:00 GitLab Importer Affected by VCID-1d1x-7vx6-zbfw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2017-14251.yml 36.1.3
2025-07-01T18:10:30.463902+00:00 GitLab Importer Fixing VCID-58sc-bkhd-7ud1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2017-09-05-4.yml 36.1.3
2025-07-01T18:10:30.441813+00:00 GitLab Importer Fixing VCID-scue-m12x-nkf4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2017-09-05-3.yml 36.1.3
2025-07-01T18:10:30.420587+00:00 GitLab Importer Fixing VCID-vftm-uyy7-63fb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2017-09-05-2.yml 36.1.3
2025-07-01T18:10:30.381774+00:00 GitLab Importer Fixing VCID-ct1e-wck2-6qbj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2017-09-05-1.yml 36.1.3