VulnerableCode Package Details - pkg:composer/typo3/cms@7.6.22

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-1d1x-7vx6-zbfw	TYPO3 Arbitrary Code Execution Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code.	CVE-2017-14251 GHSA-fh4q-hxrw-cjqq
VCID-58sc-bkhd-7ud1	Code Injection Arbitrary Code Execution in TYPO3 CMS.	2017-09-05-4
VCID-brcm-16va-3yek	Information Disclosure in TYPO3 CMS HTTP requests being performed using the TYPO3 API expose the specific TYPO3 version to the called endpoint.	GHSA-c7p6-3c9c-f88q
VCID-fru4-hjhx-47ev	Information Disclosure HTTP requests being performed using the TYPO3 API expose the specific TYPO3 version to the called endpoint.	TYPO3-CORE-SA-2017-006
VCID-scue-m12x-nkf4	Information Disclosure in TYPO3 CMS.	2017-09-05-3
VCID-u6ar-3wzb-u3eg	Information Disclosure in TYPO3 CMS Failing to properly check user permission on file storages, editors could gain knowledge of protected storages and its folders as well as using them in a file collection being rendered in the frontend. A valid backend user account is needed to exploit this vulnerability.	GHSA-g46h-v2cc-6c94
VCID-vftm-uyy7-63fb	Information Disclosure in TYPO3 CMS.	2017-09-05-2
VCID-vyhd-x5fe-b3aj	Information Disclosure Failing to properly check user permission on file storages, editors could gain knowledge of protected storages and its folders as well as using them in a file collection being rendered in the frontend. A valid backend user account is needed to exploit this vulnerability.	TYPO3-CORE-SA-2017-005
VCID-xg9s-8fv2-87hq	Arbitrary Code Execution in TYPO3 CMS Due to a missing file extension in the fileDenyPattern, backend user are allowed to upload .pht files which can be executed in certain web server setups. The new default fileDenyPattern is the following, which might have been overridden in the TYPO3 Install Tool. ``` \.(php[3-7]?\|phpsh\|phtml\|pht)(\..)?$\|^\.htaccess$ ```	GHSA-67wg-6j7r-mqh8
VCID-yz56-gs5x-hudr	Arbitrary Code Execution Due to a missing file extension in the `fileDenyPattern`, backend user are allowed to upload *.pht files which can be executed in certain web server setups.	TYPO3-CORE-SA-2017-007

Vulnerability

Summary

Aliases

VCID-1d1x-7vx6-zbfw

TYPO3 Arbitrary Code Execution Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code.

CVE-2017-14251
GHSA-fh4q-hxrw-cjqq

VCID-58sc-bkhd-7ud1

Code Injection Arbitrary Code Execution in TYPO3 CMS.

2017-09-05-4

VCID-brcm-16va-3yek

Information Disclosure in TYPO3 CMS HTTP requests being performed using the TYPO3 API expose the specific TYPO3 version to the called endpoint.

GHSA-c7p6-3c9c-f88q

VCID-fru4-hjhx-47ev

Information Disclosure HTTP requests being performed using the TYPO3 API expose the specific TYPO3 version to the called endpoint.

TYPO3-CORE-SA-2017-006

VCID-scue-m12x-nkf4

Information Disclosure in TYPO3 CMS.

2017-09-05-3

VCID-u6ar-3wzb-u3eg

Information Disclosure in TYPO3 CMS Failing to properly check user permission on file storages, editors could gain knowledge of protected storages and its folders as well as using them in a file collection being rendered in the frontend. A valid backend user account is needed to exploit this vulnerability.

GHSA-g46h-v2cc-6c94

VCID-vftm-uyy7-63fb

Information Disclosure in TYPO3 CMS.

2017-09-05-2

VCID-vyhd-x5fe-b3aj

Information Disclosure Failing to properly check user permission on file storages, editors could gain knowledge of protected storages and its folders as well as using them in a file collection being rendered in the frontend. A valid backend user account is needed to exploit this vulnerability.

TYPO3-CORE-SA-2017-005

VCID-xg9s-8fv2-87hq

Arbitrary Code Execution in TYPO3 CMS Due to a missing file extension in the fileDenyPattern, backend user are allowed to upload *.pht files which can be executed in certain web server setups. The new default fileDenyPattern is the following, which might have been overridden in the TYPO3 Install Tool. ``` \.(php[3-7]?|phpsh|phtml|pht)(\..*)?$|^\.htaccess$ ```

GHSA-67wg-6j7r-mqh8

VCID-yz56-gs5x-hudr

Arbitrary Code Execution Due to a missing file extension in the `fileDenyPattern`, backend user are allowed to upload *.pht files which can be executed in certain web server setups.

TYPO3-CORE-SA-2017-007

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-03T13:56:51.886846+00:00	GitLab Importer	Fixing	VCID-u6ar-3wzb-u3eg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-g46h-v2cc-6c94.yml	36.1.3
2025-07-03T13:56:51.833829+00:00	GitLab Importer	Fixing	VCID-xg9s-8fv2-87hq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-67wg-6j7r-mqh8.yml	36.1.3
2025-07-03T13:56:51.643885+00:00	GitLab Importer	Fixing	VCID-brcm-16va-3yek	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-c7p6-3c9c-f88q.yml	36.1.3
2025-07-01T18:10:30.789540+00:00	GitLab Importer	Fixing	VCID-1d1x-7vx6-zbfw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2017-14251.yml	36.1.3
2025-07-01T18:10:30.461385+00:00	GitLab Importer	Fixing	VCID-58sc-bkhd-7ud1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2017-09-05-4.yml	36.1.3
2025-07-01T18:10:30.439767+00:00	GitLab Importer	Fixing	VCID-scue-m12x-nkf4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2017-09-05-3.yml	36.1.3
2025-07-01T18:10:30.418864+00:00	GitLab Importer	Fixing	VCID-vftm-uyy7-63fb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2017-09-05-2.yml	36.1.3
2025-07-01T18:10:30.399600+00:00	GitLab Importer	Fixing	VCID-vyhd-x5fe-b3aj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/TYPO3-CORE-SA-2017-005.yml	36.1.3
2025-07-01T18:10:30.364280+00:00	GitLab Importer	Fixing	VCID-fru4-hjhx-47ev	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/TYPO3-CORE-SA-2017-006.yml	36.1.3
2025-07-01T18:10:30.343482+00:00	GitLab Importer	Fixing	VCID-yz56-gs5x-hudr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/TYPO3-CORE-SA-2017-007.yml	36.1.3
2025-07-01T14:35:06.048315+00:00	GHSA Importer	Fixing	VCID-u6ar-3wzb-u3eg	https://github.com/advisories/GHSA-g46h-v2cc-6c94	36.1.3
2025-07-01T14:35:05.930264+00:00	GHSA Importer	Fixing	VCID-brcm-16va-3yek	https://github.com/advisories/GHSA-c7p6-3c9c-f88q	36.1.3
2025-07-01T14:35:05.829593+00:00	GHSA Importer	Fixing	VCID-xg9s-8fv2-87hq	https://github.com/advisories/GHSA-67wg-6j7r-mqh8	36.1.3
2025-07-01T12:29:42.104380+00:00	GithubOSV Importer	Fixing	VCID-1d1x-7vx6-zbfw	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-fh4q-hxrw-cjqq/GHSA-fh4q-hxrw-cjqq.json	36.1.3
2025-07-01T12:11:03.859808+00:00	GithubOSV Importer	Fixing	VCID-brcm-16va-3yek	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-c7p6-3c9c-f88q/GHSA-c7p6-3c9c-f88q.json	36.1.3
2025-07-01T12:10:59.364732+00:00	GithubOSV Importer	Fixing	VCID-xg9s-8fv2-87hq	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-67wg-6j7r-mqh8/GHSA-67wg-6j7r-mqh8.json	36.1.3
2025-07-01T12:10:57.572710+00:00	GithubOSV Importer	Fixing	VCID-u6ar-3wzb-u3eg	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-g46h-v2cc-6c94/GHSA-g46h-v2cc-6c94.json	36.1.3