Typo3 » Typo3 » 4.2.3 : Security Vulnerabilities, CVEs,

cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*

CVE-2010-3714

Public exploit
The jumpUrl (aka access tracking) implementation in tslib/class.tslib_fe.php in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly compare certain hash values during access-control decisions, which allows remote attackers to read arbitrary files via unspecified vectors.
Max CVSS
7.1
EPSS Score
8.52%
Published
2010-10-25
Updated
2012-06-01

CVE-2009-0815

Public exploit
The jumpUrl mechanism in class.tslib_fe.php in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 leaks a hash secret (juHash) in an error message, which allows remote attackers to read arbitrary files by including the hash in a request.
Max CVSS
5.0
EPSS Score
18.39%
Published
2009-03-05
Updated
2010-04-27

CVE-2009-0255

Public exploit
The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key.
Max CVSS
7.5
EPSS Score
2.24%
Published
2009-01-22
Updated
2024-02-14
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close