Search for vulnerabilities
Vulnerability details: VCID-2vwe-5wpk-ebdj
Vulnerability ID VCID-2vwe-5wpk-ebdj
Aliases CVE-2009-0256
GHSA-q45q-5233-229p
Summary Authentication library in TYPO3 vulnerable to session fixation Session fixation vulnerability in the authentication library in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to hijack web sessions via unspecified vectors related to (1) frontend and (2) backend authentication.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-287 Improper Authentication
CWE-384 Session Fixation
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00911 https://api.first.org/data/v1/epss?cve=CVE-2009-0256
epss 0.00911 https://api.first.org/data/v1/epss?cve=CVE-2009-0256
epss 0.00911 https://api.first.org/data/v1/epss?cve=CVE-2009-0256
generic_textual HIGH https://exchange.xforce.ibmcloud.com/vulnerabilities/48133
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-q45q-5233-229p
generic_textual HIGH https://github.com/TYPO3/typo3
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2009-0256
generic_textual HIGH https://web.archive.org/web/20111210005350/http://www.securityfocus.com/bid/33376
generic_textual HIGH http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001
generic_textual HIGH http://www.debian.org/security/2009/dsa-1711
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2009-0256
https://exchange.xforce.ibmcloud.com/vulnerabilities/48133
https://github.com/TYPO3/typo3
https://nvd.nist.gov/vuln/detail/CVE-2009-0256
https://web.archive.org/web/20111210005350/http://www.securityfocus.com/bid/33376
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/
http://www.debian.org/security/2009/dsa-1711
GHSA-q45q-5233-229p https://github.com/advisories/GHSA-q45q-5233-229p
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.74779
EPSS Score 0.00911
Published At June 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T12:26:58.730817+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-q45q-5233-229p/GHSA-q45q-5233-229p.json 36.1.3