Typo3 : Security Vulnerabilities, CVEs, Published In 2020 (Sql injection) CVSS score >= 6
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 user session identifiers were stored in cleartext - without processing with additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system. Update to TYPO3 versions 9.5.23 or 10.4.10 that fix the problem described.
Max CVSS
8.1
EPSS Score
0.13%
Published
2020-11-23
Updated
2020-12-01
1 vulnerabilities found