Description
Missing Access Check in TYPO3 CMS
Extbase request handling fails to implement a proper access check for requested controller/action combinations, which makes it possible for an attacker to execute arbitrary Extbase actions by crafting a special request. To successfully exploit this vulnerability, an attacker must have access to at least one Extbase plugin or module action in a TYPO3 installation. The missing access check inevitably leads to information disclosure or remote code execution, depending on the action that an attacker is able to execute.
Packages

Name: typo3/cms (composer)
Affected versions: >= 6.2.0, < 6.2.25
Fixed version: 6.2.25

Name: typo3/cms (composer)
Affected versions: >= 7.6.0, < 7.6.8
Fixed version: 7.6.8

Name: typo3/cms (composer)
Affected versions: >= 8.0.0, < 8.1.1
Fixed version: 8.1.1

CVSS3: 9 Critical