VulnerableCode Vulnerability Details - VCID-r1et-gsp9-1bbp

Search for vulnerabilities

Vulnerability details: VCID-r1et-gsp9-1bbp

Essentials
Severities (12)
References (12)
Severity details (10)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-r1et-gsp9-1bbp
Aliases	CVE-2010-5099 GHSA-66j3-66cp-6c2m
Summary	TYPO3 Path Traversal vulnerability The fileDenyPattern functionality in the PHP file inclusion protection API in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly filter file types, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files, as demonstrated using path traversal sequences with %00 null bytes and CVE-2010-3714 to read the TYPO3 encryption key from localconf.php.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-20	Improper Input Validation
CWE-22	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
generic_textual	MODERATE	http://blog.nibblesec.org/2010/12/typo3-sa-2010-020-typo3-sa-2010-022.html
epss	0.05185	https://api.first.org/data/v1/epss?cve=CVE-2010-5099
epss	0.05185	https://api.first.org/data/v1/epss?cve=CVE-2010-5099
generic_textual	MODERATE	https://exchange.xforce.ibmcloud.com/vulnerabilities/64180
generic_textual	MODERATE	https://github.com/TYPO3/typo3
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2010-5099
generic_textual	MODERATE	https://web.archive.org/web/20120801235059/http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022
generic_textual	MODERATE	http://www.exploit-db.com/exploits/15856
generic_textual	MODERATE	http://www.openwall.com/lists/oss-security/2011/01/13/2
generic_textual	MODERATE	http://www.openwall.com/lists/oss-security/2012/05/10/7
generic_textual	MODERATE	http://www.openwall.com/lists/oss-security/2012/05/11/3
generic_textual	MODERATE	http://www.openwall.com/lists/oss-security/2012/05/12/5

Reference id	Reference type	URL
		http://blog.nibblesec.org/2010/12/typo3-sa-2010-020-typo3-sa-2010-022.html
		https://api.first.org/data/v1/epss?cve=CVE-2010-5099
		https://exchange.xforce.ibmcloud.com/vulnerabilities/64180
		https://github.com/TYPO3/typo3
		https://nvd.nist.gov/vuln/detail/CVE-2010-5099
		https://web.archive.org/web/20120801235059/http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022
		http://www.exploit-db.com/exploits/15856
		http://www.openwall.com/lists/oss-security/2011/01/13/2
		http://www.openwall.com/lists/oss-security/2012/05/10/7
		http://www.openwall.com/lists/oss-security/2012/05/11/3
		http://www.openwall.com/lists/oss-security/2012/05/12/5
GHSA-66j3-66cp-6c2m		https://github.com/advisories/GHSA-66j3-66cp-6c2m

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.89429
EPSS Score	0.05185
Published At	June 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-01T12:29:27.989637+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-66j3-66cp-6c2m/GHSA-66j3-66cp-6c2m.json	36.1.3