VulnerableCode Package Details - pkg:composer/typo3/cms@8.3.1

Search for packages

Vulnerability	Summary	Fixed by
VCID-1d1x-7vx6-zbfw Aliases: CVE-2017-14251 GHSA-fh4q-hxrw-cjqq	TYPO3 Arbitrary Code Execution Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code.	8.7.5 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-1d1x-7vx6-zbfw
Aliases:
CVE-2017-14251
GHSA-fh4q-hxrw-cjqq

TYPO3 Arbitrary Code Execution Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code.

8.7.5
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-bd6u-nca5-gyeu	Cross-Site Scripting (XSS) in TYPO3 Backend Failing to properly encode user input, the page module is vulnerable to Cross-Site Scripting. A valid backend user account with permissions to edit plugins is needed to exploit this vulnerability.	GHSA-hq37-rfjc-mr8h
VCID-f6sb-d831-u3fh	Failing to properly encode user input, the page module is vulnerable to Cross-Site Scripting. A valid backend user account with permissions to edit plugins is needed to exploit this vulnerability.	TYPO3-CORE-SA-2016-021
VCID-ky6n-ka2n-ayhu	Cache Flooding in Frontend Links with a valid cHash argument lead to newly generated page cache entries. Because the cHash is not bound to a specific page, attackers could use valid cHash arguments for multiple pages, leading to additional useless page cache entries. Depending on the number of pages in the system and the number of available valid links with a cHash, attackers could add a considerable amount of additional cache entries, which in the end exceed storage limits and thus could lead to the system not responding any more. This means the Cache Flooding attack potentially could lead to a successful Denial of Service (DoS) attack.	TYPO3-CORE-SA-2016-022
VCID-t352-87cy-4qhm	Cache Flooding in TYPO3 Frontend Links with a valid cHash argument lead to newly generated page cache entries. Because the cHash is not bound to a specific page, attackers could use valid cHash arguments for multiple pages, leading to additional useless page cache entries. Depending on the number of pages in the system and the number of available valid links with a cHash, attackers could add a considerable amount of additional cache entries, which in the end exceed storage limits and thus could lead to the system not responding any more. This means the Cache Flooding attack potentially could lead to a successful Denial of Service (DoS) attack.	GHSA-pw2q-qwvj-gh43

Vulnerability

Summary

Aliases

VCID-bd6u-nca5-gyeu

Cross-Site Scripting (XSS) in TYPO3 Backend Failing to properly encode user input, the page module is vulnerable to Cross-Site Scripting. A valid backend user account with permissions to edit plugins is needed to exploit this vulnerability.

GHSA-hq37-rfjc-mr8h

VCID-f6sb-d831-u3fh

Failing to properly encode user input, the page module is vulnerable to Cross-Site Scripting. A valid backend user account with permissions to edit plugins is needed to exploit this vulnerability.

TYPO3-CORE-SA-2016-021

VCID-ky6n-ka2n-ayhu

Cache Flooding in Frontend Links with a valid cHash argument lead to newly generated page cache entries. Because the cHash is not bound to a specific page, attackers could use valid cHash arguments for multiple pages, leading to additional useless page cache entries. Depending on the number of pages in the system and the number of available valid links with a cHash, attackers could add a considerable amount of additional cache entries, which in the end exceed storage limits and thus could lead to the system not responding any more. This means the Cache Flooding attack potentially could lead to a successful Denial of Service (DoS) attack.

TYPO3-CORE-SA-2016-022

VCID-t352-87cy-4qhm

Cache Flooding in TYPO3 Frontend Links with a valid cHash argument lead to newly generated page cache entries. Because the cHash is not bound to a specific page, attackers could use valid cHash arguments for multiple pages, leading to additional useless page cache entries. Depending on the number of pages in the system and the number of available valid links with a cHash, attackers could add a considerable amount of additional cache entries, which in the end exceed storage limits and thus could lead to the system not responding any more. This means the Cache Flooding attack potentially could lead to a successful Denial of Service (DoS) attack.

GHSA-pw2q-qwvj-gh43

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-03T13:56:52.850610+00:00	GitLab Importer	Fixing	VCID-bd6u-nca5-gyeu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-hq37-rfjc-mr8h.yml	36.1.3
2025-07-03T13:56:52.787652+00:00	GitLab Importer	Fixing	VCID-t352-87cy-4qhm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-pw2q-qwvj-gh43.yml	36.1.3
2025-07-01T18:10:30.746814+00:00	GitLab Importer	Affected by	VCID-1d1x-7vx6-zbfw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2017-14251.yml	36.1.3
2025-07-01T18:10:15.748828+00:00	GitLab Importer	Fixing	VCID-f6sb-d831-u3fh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/TYPO3-CORE-SA-2016-021.yml	36.1.3
2025-07-01T18:10:15.722066+00:00	GitLab Importer	Fixing	VCID-ky6n-ka2n-ayhu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/TYPO3-CORE-SA-2016-022.yml	36.1.3
2025-07-01T14:35:06.157338+00:00	GHSA Importer	Fixing	VCID-t352-87cy-4qhm	https://github.com/advisories/GHSA-pw2q-qwvj-gh43	36.1.3
2025-07-01T14:35:05.693570+00:00	GHSA Importer	Fixing	VCID-bd6u-nca5-gyeu	https://github.com/advisories/GHSA-hq37-rfjc-mr8h	36.1.3
2025-07-01T12:11:03.664299+00:00	GithubOSV Importer	Fixing	VCID-bd6u-nca5-gyeu	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-hq37-rfjc-mr8h/GHSA-hq37-rfjc-mr8h.json	36.1.3
2025-07-01T12:11:02.542268+00:00	GithubOSV Importer	Fixing	VCID-t352-87cy-4qhm	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-pw2q-qwvj-gh43/GHSA-pw2q-qwvj-gh43.json	36.1.3