Filtered by vendor Typo3
Subscriptions
Total
478 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-23504 | 1 Typo3 | 1 Typo3 | 2022-12-16 | 4.9 Medium |
TYPO3 is an open source PHP based web content management system. Versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are subject to Sensitive Information Disclosure. Due to the lack of handling user-submitted YAML placeholder expressions in the site configuration backend module, attackers could expose sensitive internal information, such as system configuration or HTTP request messages of other website visitors. A valid backend user account having administrator privileges is needed to exploit this vulnerability. This issue has been patched in versions 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1. | ||||
CVE-2020-11066 | 1 Typo3 | 1 Typo3 | 2022-12-02 | 10.0 Critical |
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, calling unserialize() on malicious user-submitted content can lead to modification of dynamically-determined object attributes and result in triggering deletion of an arbitrary directory in the file system, if it is writable for the web server. It can also trigger message submission via email using the identity of the web site (mail relay). Another insecure deserialization vulnerability is required to actually exploit mentioned aspects. This has been fixed in 9.5.17 and 10.4.2. | ||||
CVE-2009-4399 | 2 Fr.simon Rundell, Typo3 | 2 Hs Religiousartgallery, Typo3 | 2022-10-03 | N/A |
SQL injection vulnerability in the Parish of the Holy Spirit Religious Art Gallery (hs_religiousartgallery) extension 0.1.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2009-4952 | 2 Serge Gebhardt, Typo3 | 2 Dir Listing, Typo3 | 2022-10-03 | N/A |
Directory traversal vulnerability in the Directory Listing (dir_listing) extension 1.1.0 and earlier for TYPO3 allows remote attackers to have an unspecified impact via unknown vectors. | ||||
CVE-2009-4970 | 2 Typo3, Typo3-macher | 2 Typo3, T3m Affiliate | 2022-10-03 | N/A |
SQL injection vulnerability in the t3m_affiliate extension 0.5.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2009-4963 | 1 Typo3 | 2 Commerce Extension, Typo3 | 2022-10-03 | N/A |
Cross-site scripting (XSS) vulnerability in the Commerce extension before 0.9.9 for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2009-4709 | 2 Dirk Maiwert, Typo3 | 2 Datamints Newsticker, Typo3 | 2022-10-03 | N/A |
SQL injection vulnerability in the datamints Newsticker (datamints_newsticker) extension before 0.7.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2009-4965 | 2 Thomas Waggershauser, Typo3 | 2 Air Lexicon, Typo3 | 2022-10-03 | N/A |
SQL injection vulnerability in the AIRware Lexicon (air_lexicon) extension 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2009-4400 | 2 Fr.simon Rundell, Typo3 | 2 Ste Parish Admin, Typo3 | 2022-10-03 | N/A |
Cross-site scripting (XSS) vulnerability in the Parish Administration Database (ste_parish_admin) extension 0.1.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2009-4158 | 2 Mario Matzulla, Typo3 | 2 Cal, Typo3 | 2022-10-03 | N/A |
SQL injection vulnerability in the Calendar Base (cal) extension before 1.2.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2009-4161 | 2 An Searchit, Typo3 | 2 An Searchit, Typo3 | 2022-10-03 | N/A |
Cross-site scripting (XSS) vulnerability in the [AN] Search it! (an_searchit) extension 2.4.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2009-4705 | 2 Thomas Loeffler, Typo3 | 2 Twittersearch, Typo3 | 2022-10-03 | N/A |
Cross-site scripting (XSS) vulnerability in the Twitter Search (twittersearch) extension before 0.1.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2009-4389 | 2 Robert Puntigam, Typo3 | 2 Aba Watchdog, Typo3 | 2022-10-03 | N/A |
Unspecified vulnerability in the Watchdog (aba_watchdog) extension 2.0.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors. | ||||
CVE-2009-4702 | 2 Markus Barchfeld, Typo3 | 2 Pm Tour, Typo3 | 2022-10-03 | N/A |
SQL injection vulnerability in the Tour Extension (pm_tour) extension before 0.0.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2009-4703 | 1 Typo3 | 2 Typo3, Ws Gallery | 2022-10-03 | N/A |
SQL injection vulnerability in the Webesse Image Gallery (ws_gallery) extension 1.0.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2009-4951 | 2 Hans Olthoff, Typo3 | 2 Alternet Csa Out, Typo3 | 2022-10-03 | N/A |
Unspecified vulnerability in the ClickStream Analyzer [output] (alternet_csa_out) extension 0.3.0 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors. | ||||
CVE-2009-4391 | 2 Daniel Regelein, Typo3 | 2 Dr Blob, Typo3 | 2022-10-03 | N/A |
Cross-site scripting (XSS) vulnerability in the File list (dr_blob) extension 2.1.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2009-4398 | 2 Fr.simon Rundell, Typo3 | 2 Hs Religiousartgallery, Typo3 | 2022-10-03 | N/A |
Cross-site scripting (XSS) vulnerability in the Parish of the Holy Spirit Religious Art Gallery (hs_religiousartgallery) extension 0.1.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2009-4740 | 1 Typo3 | 2 Typo3, Ws Ecard | 2022-10-03 | N/A |
Directory traversal vulnerability in the Webesse E-Card (ws_ecard) extension 1.0.2 and earlier for TYPO3 has unspecified impact and remote attack vectors. | ||||
CVE-2009-4969 | 1 Typo3 | 2 Sbanner, Typo3 | 2022-10-03 | N/A |
SQL injection vulnerability in the Solidbase Bannermanagement (SBbanner) extension 1.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |