VulnerableCode Vulnerability Details - VCID-zzxz-2f13-qyhn

Search for vulnerabilities

Vulnerability details: VCID-zzxz-2f13-qyhn

Essentials
Severities (0)
References (4)
Severity details (0)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-zzxz-2f13-qyhn
Aliases	TYPO3-CORE-SA-2016-013
Summary	Missing Access Check Extbase request handling fails to implement a proper access check for requested controller/ action combinations, which makes it possible for an attacker to execute arbitrary Extbase actions by crafting a special request. To successfully exploit this vulnerability, an attacker must have access to at least one Extbase plugin or module action in a TYPO3 installation. The missing access check inevitably leads to information disclosure or remote code execution, depending on the action that an attacker is able to execute.
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (0)

There are no known CWE.

System	Score	Found at
There are no known severity scores.

Reference id	Reference type	URL
		https://github.com/TYPO3/TYPO3.CMS/commit/21ed4054212babb7ec75d80a24f95c6ba25bd2fb
		https://github.com/TYPO3/TYPO3.CMS/commit/404f09d491c96b294ded5e2741277dfbeba92807
		https://github.com/TYPO3/TYPO3.CMS/commit/c10db60dfc87c33542c418fa316754a5309c3e26
		https://typo3.org/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/missing-access-check-in-typo3-cms/

No exploits are available.

There are no known vectors.

No EPSS data available for this vulnerability.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-01T18:10:13.070337+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/TYPO3-CORE-SA-2016-013.yml	36.1.3