VulnerableCode Package Details - pkg:composer/typo3/cms@4.3.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-4h31-swcq-suh9 Aliases: CVE-2010-3714 GHSA-w736-qv86-vq94	TYPO3 Remote File Disclosure vulnerability in the jumpUrl mechanism The jumpUrl (aka access tracking) implementation in `tslib/class.tslib_fe.php` in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly compare certain hash values during access-control decisions, which allows remote attackers to read arbitrary files via unspecified vectors.	4.3.7 Affected by 0 other vulnerabilities. 4.4.4 Affected by 0 other vulnerabilities.
VCID-fjtr-nupy-s3bm Aliases: CVE-2010-1153 GHSA-4h9j-f98m-p4hg	TYPO3 PHP remote file inclusion vulnerability PHP remote file inclusion vulnerability in the autoloader in TYPO3 4.3.x before 4.3.3 allows remote attackers to execute arbitrary PHP code via a URL in an input field associated with the className variable.	4.3.3 Affected by 0 other vulnerabilities.
VCID-fvcm-r3eg-cfdd Aliases: CVE-2010-5101 GHSA-rmqc-wfjm-3f66	TYPO3 Directory Traversal vulnerability Directory traversal vulnerability in the TypoScript setup in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated administrators to read arbitrary files via unspecified vectors related to the "file inclusion functionality."	4.3.9 Affected by 0 other vulnerabilities. 4.4.5 Affected by 0 other vulnerabilities.
VCID-r1et-gsp9-1bbp Aliases: CVE-2010-5099 GHSA-66j3-66cp-6c2m	TYPO3 Path Traversal vulnerability The fileDenyPattern functionality in the PHP file inclusion protection API in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly filter file types, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files, as demonstrated using path traversal sequences with %00 null bytes and CVE-2010-3714 to read the TYPO3 encryption key from localconf.php.	4.3.9 Affected by 0 other vulnerabilities. 4.4.5 Affected by 0 other vulnerabilities.
VCID-v2e7-fwms-n3ag Aliases: CVE-2010-5103 GHSA-r2w2-2r2x-fpcx	TYPO3 SQL Injection vulnerability SQL injection vulnerability in the list module in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via unspecified vectors.	4.3.9 Affected by 0 other vulnerabilities. 4.4.5 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-4h31-swcq-suh9
Aliases:
CVE-2010-3714
GHSA-w736-qv86-vq94

TYPO3 Remote File Disclosure vulnerability in the jumpUrl mechanism The jumpUrl (aka access tracking) implementation in `tslib/class.tslib_fe.php` in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly compare certain hash values during access-control decisions, which allows remote attackers to read arbitrary files via unspecified vectors.

4.3.7
Affected by 0 other vulnerabilities.

4.4.4
Affected by 0 other vulnerabilities.

VCID-fjtr-nupy-s3bm
Aliases:
CVE-2010-1153
GHSA-4h9j-f98m-p4hg

TYPO3 PHP remote file inclusion vulnerability PHP remote file inclusion vulnerability in the autoloader in TYPO3 4.3.x before 4.3.3 allows remote attackers to execute arbitrary PHP code via a URL in an input field associated with the className variable.

4.3.3
Affected by 0 other vulnerabilities.

VCID-fvcm-r3eg-cfdd
Aliases:
CVE-2010-5101
GHSA-rmqc-wfjm-3f66

TYPO3 Directory Traversal vulnerability Directory traversal vulnerability in the TypoScript setup in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated administrators to read arbitrary files via unspecified vectors related to the "file inclusion functionality."

4.3.9
Affected by 0 other vulnerabilities.

4.4.5
Affected by 0 other vulnerabilities.

VCID-r1et-gsp9-1bbp
Aliases:
CVE-2010-5099
GHSA-66j3-66cp-6c2m

TYPO3 Path Traversal vulnerability The fileDenyPattern functionality in the PHP file inclusion protection API in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly filter file types, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files, as demonstrated using path traversal sequences with %00 null bytes and CVE-2010-3714 to read the TYPO3 encryption key from localconf.php.

4.3.9
Affected by 0 other vulnerabilities.

4.4.5
Affected by 0 other vulnerabilities.

VCID-v2e7-fwms-n3ag
Aliases:
CVE-2010-5103
GHSA-r2w2-2r2x-fpcx

TYPO3 SQL Injection vulnerability SQL injection vulnerability in the list module in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via unspecified vectors.

4.3.9
Affected by 0 other vulnerabilities.

4.4.5
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-05T18:42:30.182171+00:00	GHSA Importer	Affected by	VCID-4h31-swcq-suh9	https://github.com/advisories/GHSA-w736-qv86-vq94	37.0.0
2025-07-05T18:42:09.604458+00:00	GHSA Importer	Affected by	VCID-r1et-gsp9-1bbp	https://github.com/advisories/GHSA-66j3-66cp-6c2m	37.0.0
2025-07-05T18:42:09.536782+00:00	GHSA Importer	Affected by	VCID-fvcm-r3eg-cfdd	https://github.com/advisories/GHSA-rmqc-wfjm-3f66	37.0.0
2025-07-05T18:42:09.390626+00:00	GHSA Importer	Affected by	VCID-v2e7-fwms-n3ag	https://github.com/advisories/GHSA-r2w2-2r2x-fpcx	37.0.0
2025-07-04T13:55:11.297203+00:00	GitLab Importer	Affected by	VCID-4h31-swcq-suh9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2010-3714.yml	37.0.0
2025-07-04T13:55:08.911126+00:00	GitLab Importer	Affected by	VCID-v2e7-fwms-n3ag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2010-5103.yml	37.0.0
2025-07-01T18:13:49.440934+00:00	GitLab Importer	Affected by	VCID-fvcm-r3eg-cfdd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2010-5101.yml	36.1.3
2025-07-01T18:13:45.633952+00:00	GitLab Importer	Affected by	VCID-r1et-gsp9-1bbp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2010-5099.yml	36.1.3
2025-07-01T18:13:06.100444+00:00	GitLab Importer	Affected by	VCID-fjtr-nupy-s3bm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2010-1153.yml	36.1.3
2025-07-01T14:31:52.877230+00:00	GHSA Importer	Affected by	VCID-fjtr-nupy-s3bm	https://github.com/advisories/GHSA-4h9j-f98m-p4hg	36.1.3