Vulnerability details: VCID-4h31-swcq-suh9
Vulnerability ID VCID-4h31-swcq-suh9
Aliases CVE-2010-3714
GHSA-w736-qv86-vq94
Summary TYPO3 Remote File Disclosure vulnerability in the jumpUrl mechanism
The jumpUrl (aka access tracking) implementation in `tslib/class.tslib_fe.php` in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly compare certain hash values during access-control decisions, which allows remote attackers to read arbitrary files via unspecified vectors.
Status Published
Exploitability 2.0
Weighted Severity 8.0
Risk 10.0
Data source Metasploit
Description This module exploits a flaw in the way the TYPO3 jumpurl feature matches hashes. Due to this flaw a Remote File Disclosure is possible by matching the juhash of 0. This flaw can be used to read any file that the web server user account has access to view.
Note
Stability:
  - crash-safe
SideEffects:
  - ioc-in-logs
Reliability: []
Ransomware campaign use Unknown
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/admin/http/typo3_sa_2010_020.rb
Exploit Prediction Scoring System (EPSS)
Percentile 0.96636
EPSS Score 0.32406
Published At July 4, 2025, 12:55 p.m.
Date 2025-07-01T12:28:20.901026+00:00
Actor GithubOSV Importer
Action Import
Source https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-w736-qv86-vq94/GHSA-w736-qv86-vq94.json
VulnerableCode Version 36.1.3