📦 Typo3
by Typo3
⚠️ Known Vulnerabilities
This vulnerability allows backend users with access to the recycler module to delete arbitrary data from any database table defined in TYPO3's TCA, regardless of permissions. Attackers can purge criti...
This CVE describes a deserialization vulnerability in TYPO3 CMS mail file spool functionality. Local users with write access to the spool directory can craft malicious files that execute arbitrary PHP...
This vulnerability allows authenticated backend users in TYPO3 CMS to bypass authorization checks and directly access AJAX backend routes they shouldn't have permission to use. It affects TYPO3 CMS in...
This vulnerability allows TYPO3 administrator-level backend users without system maintainer privileges to escalate their privileges and gain system maintainer access. It affects TYPO3 installations st...
This CSRF vulnerability in TYPO3's backend allows attackers to trick authenticated backend users into executing unauthorized actions via malicious links. When combined with specific misconfigurations,...
This CSRF vulnerability in TYPO3's backend allows attackers to trick authenticated backend users into performing unauthorized actions via malicious links. When combined with misconfigured security set...
This CVE describes a command injection vulnerability in TYPO3's Install Tool that allows authenticated admin users with system maintainer privileges to execute arbitrary shell commands with web server...
This vulnerability in TYPO3 allows authenticated backend users to access files in the fallback storage via the File Abstraction Layer, potentially exposing sensitive file names and contents. It affect...
This vulnerability allows unauthenticated attackers to upload arbitrary files with any extension to TYPO3 CMS servers. It affects TYPO3 installations using Extbase MVC framework with FileReference dom...
This CVE describes an authorization bypass vulnerability in TYPO3 CMS where backend users with redirect module access and write permissions could manipulate any redirect record without proper mount re...
This vulnerability allows authenticated TYPO3 backend users with write permissions to bypass field-level access controls during record creation. By exploiting the defVals parameter, attackers can inse...
This vulnerability allows authenticated backend users in TYPO3 CMS to download CSV files containing data from database tables they shouldn't have access to, specifically from web mounts they lack perm...
This vulnerability in TYPO3 CMS's password generation component uses a predictable three-character prefix, reducing randomness and making brute-force attacks against user passwords significantly faste...
This vulnerability allows authenticated backend users in TYPO3 CMS to obtain sensitive file path information through error messages when file operations fail. It affects TYPO3 installations with vulne...
An open-redirect vulnerability in TYPO3 CMS's GeneralUtility::sanitizeLocalUrl function allows attackers to redirect users to malicious external websites by supplying manipulated URLs. This enables ph...
The femanager extension for TYPO3 contains an Insecure Direct Object Reference vulnerability that allows attackers to modify user data without proper authorization. This affects websites running vulne...
This vulnerability in TYPO3's file management module allows backend users to upload potentially harmful files like executables or files with mismatched extensions/MIME types. While these files aren't ...
This CSRF vulnerability in TYPO3's backend allows attackers to manipulate or delete form definitions when authenticated backend users interact with malicious URLs. It affects TYPO3 installations with ...
This CSRF vulnerability in TYPO3's backend user interface allows attackers to trick authenticated backend users into performing unauthorized state-changing actions via malicious links. The vulnerabili...
This CSRF vulnerability in TYPO3's backend user interface allows attackers to perform unauthorized password resets or session terminations for other backend users. It affects TYPO3 installations with ...
This vulnerability in TYPO3's URI parsing component allows attackers to bypass host validation checks when processing externally provided URLs. This can lead to open redirect attacks (redirecting user...
This vulnerability in TYPO3's ShowImageController allows attackers to trigger unlimited thumbnail generation by manipulating the 'frame' parameter without proper HMAC validation. It affects TYPO3 inst...
This CVE describes a cross-site scripting (XSS) vulnerability in TYPO3's form manager backend module. It allows authenticated backend users with form module access to inject malicious scripts that cou...