Search for packages
| purl | pkg:composer/typo3/cms@8.0.0-alpha |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-h958-d3pm-kfcs
Aliases: TYPO3-CORE-SA-2016-013 |
Missing Access Check Extbase request handling fails to implement a proper access check for requested controller/ action combinations, which makes it possible for an attacker to execute arbitrary Extbase actions by crafting a special request. To successfully exploit this vulnerability, an attacker must have access to at least one Extbase plugin or module action in a TYPO3 installation. The missing access check inevitably leads to information disclosure or remote code execution, depending on the action that an attacker is able to execute. |
Affected by 113 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T12:47:03.749534+00:00 | GitLab Importer | Affected by | VCID-h958-d3pm-kfcs | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/TYPO3-CORE-SA-2016-013.yml | 38.0.0 |