VulnerableCode Package Details - pkg:composer/typo3/cms@4.0.9

Search for packages

Vulnerability	Summary	Fixed by
VCID-2vwe-5wpk-ebdj Aliases: CVE-2009-0256 GHSA-q45q-5233-229p	Authentication library in TYPO3 vulnerable to session fixation Session fixation vulnerability in the authentication library in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to hijack web sessions via unspecified vectors related to (1) frontend and (2) backend authentication.	4.0.10 Affected by 0 other vulnerabilities. 4.1.8 Affected by 0 other vulnerabilities. 4.2.4 Affected by 0 other vulnerabilities.
VCID-3vtw-fru3-gqf7 Aliases: CVE-2009-0258 GHSA-74w6-ww7w-45j9	Indexed Search Engine for TYPO3 Command Execution via Metacharacter Injection The Indexed Search Engine (indexed_search) system extension in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to execute arbitrary commands via a crafted filename containing shell metacharacters, which is not properly handled by the command-line indexer.	4.0.10 Affected by 0 other vulnerabilities. 4.1.8 Affected by 0 other vulnerabilities. 4.2.4 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-2vwe-5wpk-ebdj
Aliases:
CVE-2009-0256
GHSA-q45q-5233-229p

Authentication library in TYPO3 vulnerable to session fixation Session fixation vulnerability in the authentication library in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to hijack web sessions via unspecified vectors related to (1) frontend and (2) backend authentication.

4.0.10
Affected by 0 other vulnerabilities.

4.1.8
Affected by 0 other vulnerabilities.

4.2.4
Affected by 0 other vulnerabilities.

VCID-3vtw-fru3-gqf7
Aliases:
CVE-2009-0258
GHSA-74w6-ww7w-45j9

Indexed Search Engine for TYPO3 Command Execution via Metacharacter Injection The Indexed Search Engine (indexed_search) system extension in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to execute arbitrary commands via a crafted filename containing shell metacharacters, which is not properly handled by the command-line indexer.

4.0.10
Affected by 0 other vulnerabilities.

4.1.8
Affected by 0 other vulnerabilities.

4.2.4
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-01T18:13:06.980161+00:00	GitLab Importer	Affected by	VCID-3vtw-fru3-gqf7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2009-0258.yml	36.1.3
2025-07-01T18:13:06.870021+00:00	GitLab Importer	Affected by	VCID-2vwe-5wpk-ebdj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2009-0256.yml	36.1.3
2025-07-01T14:31:49.364136+00:00	GHSA Importer	Affected by	VCID-3vtw-fru3-gqf7	https://github.com/advisories/GHSA-74w6-ww7w-45j9	36.1.3
2025-07-01T14:31:49.270336+00:00	GHSA Importer	Affected by	VCID-2vwe-5wpk-ebdj	https://github.com/advisories/GHSA-q45q-5233-229p	36.1.3