CVE-2010-3714
Public exploit
The jumpUrl (aka access tracking) implementation in tslib/class.tslib_fe.php in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly compare certain hash values during access-control decisions, which allows remote attackers to read arbitrary files via unspecified vectors.
Max CVSS
7.1
EPSS Score
8.52%
Published
2010-10-25
Updated
2012-06-01
CVE-2009-0815
Public exploit
The jumpUrl mechanism in class.tslib_fe.php in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 leaks a hash secret (juHash) in an error message, which allows remote attackers to read arbitrary files by including the hash in a request.
Max CVSS
5.0
EPSS Score
18.39%
Published
2009-03-05
Updated
2010-04-27
CVE-2009-0255
Public exploit
The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key.
Max CVSS
7.5
EPSS Score
2.24%
Published
2009-01-22
Updated
2024-02-14
3 vulnerabilities found