VulnerableCode Package Details - pkg:composer/typo3/cms@4.4.0

Search for packages

Package details: pkg:composer/typo3/cms@4.4.0

Essentials
History (23)

purl	pkg:composer/typo3/cms@4.4.0
Tags	Ghost

Next non-vulnerable version	10.4.35
Latest non-vulnerable version	12.2.0
Risk	10.0

Vulnerabilities affecting this package (16)

Vulnerability	Summary	Fixed by
VCID-1grv-8mgr-ekfg Aliases: CVE-2012-1607 GHSA-q68v-vcjg-r3vp	TYPO3 allows remote attackers to obtain the database name via a direct request The Command Line Interface (CLI) script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to obtain the database name via a direct request.	There are no reported fixed by versions.
VCID-3yv4-3421-tqf4 Aliases: CVE-2012-1606 GHSA-7wwr-p84q-qr3q	Typo3 Backend XSS Vulnerabilities Multiple cross-site scripting (XSS) vulnerabilities in the Backend component in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.	4.4.14 Affected by 0 other vulnerabilities. 4.5.14 Affected by 0 other vulnerabilities. 4.6.7 Affected by 0 other vulnerabilities.
VCID-4h31-swcq-suh9 Aliases: CVE-2010-3714 GHSA-w736-qv86-vq94	TYPO3 Remote File Disclosure vulnerability in the jumpUrl mechanism The jumpUrl (aka access tracking) implementation in `tslib/class.tslib_fe.php` in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly compare certain hash values during access-control decisions, which allows remote attackers to read arbitrary files via unspecified vectors.	4.4.4 Affected by 0 other vulnerabilities.
VCID-6tb2-9qd8-qyc7 Aliases: CVE-2011-4632 GHSA-h86g-796f-hhfq	Typo3 XSS Vulnerabilities Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the tcemain flash message.	4.4.9 Affected by 0 other vulnerabilities. 4.5.4 Affected by 0 other vulnerabilities.
VCID-6yaa-24e9-cubs Aliases: CVE-2011-4627 GHSA-frf4-5p2c-c3ff	Typo3 Information Disclosure TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows Information Disclosure on the backend.	4.4.9 Affected by 0 other vulnerabilities. 4.5.4 Affected by 0 other vulnerabilities.
VCID-9xxg-zvpz-7yfa Aliases: CVE-2011-4901 GHSA-8grp-3j5v-543g	Typo3 Arbitrary Information Disclosure TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to extract arbitrary information from the TYPO3 database.	4.4.9 Affected by 0 other vulnerabilities. 4.5.4 Affected by 0 other vulnerabilities.
VCID-cu6k-92m3-3bc4 Aliases: CVE-2011-4630 GHSA-29wr-24h5-95r5	Typo3 XSS Vulnerability Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the `browse_links` wizard.	4.4.9 Affected by 0 other vulnerabilities. 4.5.4 Affected by 0 other vulnerabilities.
VCID-e9qd-svur-cfh3 Aliases: CVE-2012-1608 GHSA-w3v6-r62r-fvqh	Typo3 API XSS Vulnerabilities The `t3lib_div::RemoveXSS` API method in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and inject arbitrary web script or HTML via non printable characters.	4.4.14 Affected by 0 other vulnerabilities. 4.5.14 Affected by 0 other vulnerabilities. 4.6.7 Affected by 0 other vulnerabilities.
VCID-fvcm-r3eg-cfdd Aliases: CVE-2010-5101 GHSA-rmqc-wfjm-3f66	TYPO3 Directory Traversal vulnerability Directory traversal vulnerability in the TypoScript setup in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated administrators to read arbitrary files via unspecified vectors related to the "file inclusion functionality."	4.4.5 Affected by 0 other vulnerabilities.
VCID-k14s-n1yr-fqhh Aliases: CVE-2012-2112 GHSA-qfr3-29w6-hwpg	Typo3 Exception Handler XSS Cross-site scripting (XSS) vulnerability in the Exception Handler in TYPO3 4.4.x before 4.4.15, 4.5.x before 4.5.15, 4.6.x before 4.6.8, and 4.7 allows remote attackers to inject arbitrary web script or HTML via exception messages.	4.4.15 Affected by 0 other vulnerabilities. 4.5.15 Affected by 0 other vulnerabilities. 4.6.8 Affected by 0 other vulnerabilities.
VCID-r1et-gsp9-1bbp Aliases: CVE-2010-5099 GHSA-66j3-66cp-6c2m	TYPO3 Path Traversal vulnerability The fileDenyPattern functionality in the PHP file inclusion protection API in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly filter file types, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files, as demonstrated using path traversal sequences with %00 null bytes and CVE-2010-3714 to read the TYPO3 encryption key from localconf.php.	4.4.5 Affected by 0 other vulnerabilities.
VCID-t1k9-3bh1-m7h4 Aliases: CVE-2011-4903 GHSA-q22w-r5qq-v3wf	Typo3 XSS in RemoveXSS function Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the RemoveXSS function.	4.4.9 Affected by 0 other vulnerabilities. 4.5.4 Affected by 0 other vulnerabilities.
VCID-v2e7-fwms-n3ag Aliases: CVE-2010-5103 GHSA-r2w2-2r2x-fpcx	TYPO3 SQL Injection vulnerability SQL injection vulnerability in the list module in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via unspecified vectors.	4.4.5 Affected by 0 other vulnerabilities.
VCID-w4nd-1kan-xkgw Aliases: CVE-2012-1605 GHSA-7jfm-px59-99w8	Typo3 Extbase Framework Unsafe Deserialization The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unserializes untrusted data, which allows remote attackers to unserialize arbitrary objects and possibly execute arbitrary code via vectors related to "a missing signature (HMAC) for a request argument."	4.4.14 Affected by 0 other vulnerabilities. 4.5.14 Affected by 0 other vulnerabilities. 4.6.7 Affected by 0 other vulnerabilities.
VCID-wket-pcbe-afe5 Aliases: CVE-2011-4902 GHSA-9vxq-mxw5-mcgp	Typo3 Arbitrary File Delete TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to delete arbitrary files on the webserver.	4.4.9 Affected by 0 other vulnerabilities. 4.5.4 Affected by 0 other vulnerabilities.
VCID-zb1h-ucdg-qbch Aliases: CVE-2011-4628 GHSA-79gv-5cgx-x6rx	Typo3 Authentication Bypass TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to bypass authentication mechanisms in the backend through a crafted request.	4.4.9 Affected by 0 other vulnerabilities. 4.5.4 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-04T13:55:12.569432+00:00	GitLab Importer	Affected by	VCID-1grv-8mgr-ekfg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2012-1607.yml	37.0.0
2025-07-04T13:55:11.987071+00:00	GitLab Importer	Affected by	VCID-w4nd-1kan-xkgw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2012-1605.yml	37.0.0
2025-07-04T13:55:11.299602+00:00	GitLab Importer	Affected by	VCID-4h31-swcq-suh9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2010-3714.yml	37.0.0
2025-07-04T13:55:08.913303+00:00	GitLab Importer	Affected by	VCID-v2e7-fwms-n3ag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2010-5103.yml	37.0.0
2025-07-01T18:13:50.535363+00:00	GitLab Importer	Affected by	VCID-k14s-n1yr-fqhh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2012-2112.yml	36.1.3
2025-07-01T18:13:49.442728+00:00	GitLab Importer	Affected by	VCID-fvcm-r3eg-cfdd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2010-5101.yml	36.1.3
2025-07-01T18:13:46.224915+00:00	GitLab Importer	Affected by	VCID-e9qd-svur-cfh3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2012-1608.yml	36.1.3
2025-07-01T18:13:45.635647+00:00	GitLab Importer	Affected by	VCID-r1et-gsp9-1bbp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2010-5099.yml	36.1.3
2025-07-01T18:13:43.600349+00:00	GitLab Importer	Affected by	VCID-3yv4-3421-tqf4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2012-1606.yml	36.1.3
2025-07-01T18:12:58.427631+00:00	GitLab Importer	Affected by	VCID-cu6k-92m3-3bc4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2011-4630.yml	36.1.3
2025-07-01T18:12:58.391944+00:00	GitLab Importer	Affected by	VCID-6tb2-9qd8-qyc7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2011-4632.yml	36.1.3
2025-07-01T18:12:58.236572+00:00	GitLab Importer	Affected by	VCID-zb1h-ucdg-qbch	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2011-4628.yml	36.1.3
2025-07-01T18:12:58.162067+00:00	GitLab Importer	Affected by	VCID-6yaa-24e9-cubs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2011-4627.yml	36.1.3
2025-07-01T18:12:57.943151+00:00	GitLab Importer	Affected by	VCID-t1k9-3bh1-m7h4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2011-4903.yml	36.1.3
2025-07-01T18:12:57.888575+00:00	GitLab Importer	Affected by	VCID-9xxg-zvpz-7yfa	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2011-4901.yml	36.1.3
2025-07-01T18:12:57.856391+00:00	GitLab Importer	Affected by	VCID-wket-pcbe-afe5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2011-4902.yml	36.1.3
2025-07-01T14:31:39.045899+00:00	GHSA Importer	Affected by	VCID-9xxg-zvpz-7yfa	https://github.com/advisories/GHSA-8grp-3j5v-543g	36.1.3
2025-07-01T14:31:39.011884+00:00	GHSA Importer	Affected by	VCID-cu6k-92m3-3bc4	https://github.com/advisories/GHSA-29wr-24h5-95r5	36.1.3
2025-07-01T14:31:38.993287+00:00	GHSA Importer	Affected by	VCID-t1k9-3bh1-m7h4	https://github.com/advisories/GHSA-q22w-r5qq-v3wf	36.1.3
2025-07-01T14:31:38.926768+00:00	GHSA Importer	Affected by	VCID-6tb2-9qd8-qyc7	https://github.com/advisories/GHSA-h86g-796f-hhfq	36.1.3
2025-07-01T14:31:38.764388+00:00	GHSA Importer	Affected by	VCID-zb1h-ucdg-qbch	https://github.com/advisories/GHSA-79gv-5cgx-x6rx	36.1.3
2025-07-01T14:31:38.711903+00:00	GHSA Importer	Affected by	VCID-wket-pcbe-afe5	https://github.com/advisories/GHSA-9vxq-mxw5-mcgp	36.1.3
2025-07-01T14:31:38.675956+00:00	GHSA Importer	Affected by	VCID-6yaa-24e9-cubs	https://github.com/advisories/GHSA-frf4-5p2c-c3ff	36.1.3