CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Typo3 : Security Vulnerabilities (Execute Code)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2020-15099 20 Exec Code 2020-07-29 2020-08-05
6.8
None Remote Medium Not required Partial Partial Partial
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, in a case where an attacker manages to generate a valid cryptographic message authentication code (HMAC-SHA1) - either by using a different existing vulnerability or in case the internal encryptionKey was exposed - it is possible to retrieve arbitrary files of a TYPO3 installation. This includes the possibility to fetch typo3conf/LocalConfiguration.php, which again contains the encryptionKey as well as credentials of the database management system being used. In case a database server is directly accessible either via internet or in a shared hosting network, this allows the ability to completely retrieve, manipulate or delete database contents. This includes creating an administration user account - which can be used to trigger remote code execution by injecting custom extensions. This has been patched in versions 9.5.20 and 10.4.6.
2 CVE-2020-15098 502 Exec Code 2020-07-29 2020-08-05
6.5
None Remote Low ??? Partial Partial Partial
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message authentication code (HMAC-SHA1) and can lead to various attack chains including potential privilege escalation, insecure deserialization & remote code execution. The overall severity of this vulnerability is high based on mentioned attack chains and the requirement of having a valid backend user session (authenticated). This has been patched in versions 9.5.20 and 10.4.6.
3 CVE-2020-15086 502 Exec Code 2020-07-29 2020-08-05
7.5
None Remote Low Not required Partial Partial Partial
In TYPO3 installations with the "mediace" extension from version 7.6.2 and before version 7.6.5, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. The allows to inject arbitrary data having a valid cryptographic message authentication code and can lead to remote code execution. To successfully exploit this vulnerability, an attacker must have access to at least one `Extbase` plugin or module action in a TYPO3 installation. This is fixed in version 7.6.5 of the "mediace" extension for TYPO3.
4 CVE-2020-11067 502 Exec Code 2020-05-14 2020-05-15
6.0
None Remote Medium ??? Partial Partial Partial
In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that backend user settings (in $BE_USER->uc) are vulnerable to insecure deserialization. In combination with vulnerabilities of third party components, this can lead to remote code execution. A valid backend user account is needed to exploit this vulnerability. This has been fixed in 9.5.17 and 10.4.2.
5 CVE-2019-11832 20 Exec Code 2019-05-09 2019-05-13
9.3
None Remote Medium Not required Complete Complete Complete
TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 allows remote code execution because it does not properly configure the applications used for image processing, as demonstrated by ImageMagick or GraphicsMagick.
6 CVE-2017-14251 434 Exec Code 2017-09-11 2017-12-04
6.5
None Remote Low ??? Partial Partial Partial
Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code.
7 CVE-2016-5091 254 Exec Code +Info 2017-01-23 2017-01-26
6.8
None Remote Medium Not required Partial Partial Partial
Extbase in TYPO3 4.3.0 before 6.2.24, 7.x before 7.6.8, and 8.1.1 allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted Extbase action.
8 CVE-2014-3942 94 Exec Code 2014-06-03 2017-12-29
6.0
None Remote Medium ??? Partial Partial Partial
The Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, and 6.1.0 before 6.1.9 allows remote authenticated editors to execute arbitrary PHP code via a serialized PHP object.
9 CVE-2013-4321 94 Exec Code 2014-05-20 2014-05-21
6.5
None Remote Low ??? Partial Partial Partial
The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.4 allows remote authenticated editors to execute arbitrary PHP code via unspecified characters in the file extension when renaming a file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4250.
10 CVE-2013-4250 20 Exec Code 2014-05-20 2014-05-31
6.5
None Remote Low ??? Partial Partial Partial
The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file extensions, which allow remote authenticated editors to execute arbitrary PHP code by uploading a .php file.
11 CVE-2013-1842 89 Exec Code Sql 2013-03-20 2013-06-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "the Query Object Model and relation values."
12 CVE-2012-6144 89 Exec Code Sql 2013-07-01 2017-08-29
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to execute arbitrary SQL commands via unspecified vectors.
13 CVE-2012-3527 310 Exec Code 2012-09-05 2017-08-29
4.6
None Remote High ??? Partial Partial Partial
view_help.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a "missing signature (HMAC)."
14 CVE-2012-1605 Exec Code 2012-09-04 2012-09-05
5.0
None Remote Low Not required None Partial None
The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unserializes untrusted data, which allows remote attackers to unserialize arbitrary objects and possibly execute arbitrary code via vectors related to "a missing signature (HMAC) for a request argument."
15 CVE-2011-4614 94 Exec Code File Inclusion 2012-02-18 2012-02-29
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in Classes/Controller/AbstractController.php in the workspaces system extension in TYPO3 4.5.x before 4.5.9, 4.6.x before 4.6.2, and development versions of 4.7 allows remote attackers to execute arbitrary PHP code via a URL in the BACK_PATH parameter.
16 CVE-2010-5103 89 Exec Code Sql 2012-05-21 2017-08-29
6.0
None Remote Medium ??? Partial Partial Partial
SQL injection vulnerability in the list module in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via unspecified vectors.
17 CVE-2010-3663 434 Exec Code 2019-11-04 2019-11-05
6.5
None Remote Low ??? Partial Partial Partial
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend.
18 CVE-2010-1153 94 Exec Code File Inclusion 2010-04-20 2010-06-03
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in the autoloader in TYPO3 4.3.x before 4.3.3 allows remote attackers to execute arbitrary PHP code via a URL in an input field associated with the className variable.
19 CVE-2009-4855 89 1 Exec Code Sql 2010-05-11 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
** DISPUTED ** SQL injection vulnerability in index.php in TYPO3 4.0 allows remote attackers to execute arbitrary SQL commands via the showUid parameter. NOTE: the TYPO3 Security Team disputes this report, stating that "there is no such vulnerability... The showUid parameter is generally used in third-party TYPO3 extensions - not in TYPO3 Core."
20 CVE-2009-3632 89 Exec Code Sql 2009-11-02 2017-08-17
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in the traditional frontend editing feature in the Frontend Editing subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to execute arbitrary SQL commands via unspecified parameters.
21 CVE-2009-3631 94 Exec Code 2009-11-02 2017-08-17
8.5
None Remote Medium ??? Complete Complete Complete
The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2, when the DAM extension or ftp upload is enabled, allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename.
22 CVE-2009-0258 20 Exec Code 2009-01-22 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
The Indexed Search Engine (indexed_search) system extension in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to execute arbitrary commands via a crafted filename containing shell metacharacters, which is not properly handled by the command-line indexer.
23 CVE-2008-6595 89 Exec Code Sql 2009-04-03 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the pmk_rssnewsexport extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
24 CVE-2008-5801 94 Exec Code 2008-12-31 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Dictionary (rtgdictionary) extension 0.1.9 and earlier for TYPO3 allows attackers to execute arbitrary code via unknown vectors.
25 CVE-2008-5800 89 Exec Code Sql 2008-12-31 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Wir ber uns [sic] (fsmi_people) extension 0.0.24 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
26 CVE-2008-4188 94 Exec Code 2008-09-23 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the TYPO3 Secure Directory (kw_secdir) extension before 1.0.2 allows remote attackers to execute arbitrary code via unknown vectors related to "injection of control characters."
27 CVE-2008-3056 89 Exec Code Sql 2008-07-07 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Codeon Petition (cd_petition) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
28 CVE-2008-3055 89 Exec Code Sql 2008-07-07 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Support view (ext_tbl) extension 0.0.102 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
29 CVE-2008-3054 89 Exec Code Sql 2008-07-07 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Branchenbuch (aka Yellow Pages o (mh_branchenbuch) extension 0.8.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
30 CVE-2008-3053 89 Exec Code Sql 2008-07-07 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the SQL Frontend (mh_omsqlio) extension 1.0.11 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
31 CVE-2008-3051 89 Exec Code Sql 2008-07-07 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Pinboard extension 0.0.6 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
32 CVE-2008-3044 89 Exec Code Sql 2008-07-07 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the News Calendar (newscalendar) extension 1.0.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
33 CVE-2008-3043 94 Exec Code 2008-07-07 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the WEC Discussion Forum (wec_discussion) extension 1.6.2 and earlier for TYPO3 allows attackers to execute arbitrary code via vectors related to "certain file types."
34 CVE-2008-3039 89 Exec Code Sql 2008-07-07 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
35 CVE-2008-3038 89 Exec Code Sql 2008-07-07 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Address Directory (sp_directory) extension 0.2.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
36 CVE-2008-2489 89 Exec Code Sql 2008-05-28 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Library for Frontend Plugins (aka sg_zfelib) extension 1.1.512 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified "user input."
37 CVE-2008-2345 94 Exec Code 2008-05-19 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the air_filemanager 0.6.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary PHP code via unspecified vectors related to "insufficient file filtering."
38 CVE-2008-2275 94 Exec Code 2008-05-16 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in sr_feuser_register 1.4.0, 1.6.0, 2.2.1 to 2.2.7, 2.3.0 to 2.3.6, 2.4.0, and 2.5.0 to 2.5.9 extension for TYPO3 allows remote attackers to execute arbitrary code and delete arbitrary files via unspecified attack vectors.
39 CVE-2007-6381 89 Exec Code Sql 2007-12-15 2017-08-08
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in the indexed_search system extension in TYPO3 3.x, 4.0 through 4.0.7, and 4.1 through 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
40 CVE-2006-6690 Exec Code 2006-12-21 2018-10-17
7.5
None Remote Low Not required Partial Partial Partial
rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php in Typo3 4.0.0 through 4.0.3, 3.7 and 3.8 with the rtehtmlarea extension, and 4.1 beta allows remote authenticated users to execute arbitrary commands via shell metacharacters in the userUid parameter to rtehtmlarea/htmlarea/plugins/SpellChecker/spell-check-logic.php, and possibly another vector.
Total number of vulnerabilities : 40   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.