CVE-2022-23503 - OpenCVE

Vendors	Products
Typo3	Typo3

Link	Resource
https://github.com/TYPO3/typo3/security/advisories/GHSA-c5wx-6c2c-f7rm	Third Party Advisory

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2022-23503", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "requesterUserId": "c184a3d9-dc98-4c48-a45b-d2d88cf0ac74", "dateReserved": "2022-01-19T21:23:53.770Z", "datePublished": "2022-12-14T07:51:03.984Z"}, "containers": {"cna": {"title": "TYPO3 vulnerable to Arbitrary Code Execution via Form Framework", "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "lang": "en", "description": "CWE-94: Improper Control of Generation of Code ('Code Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-c5wx-6c2c-f7rm", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-c5wx-6c2c-f7rm"}], "affected": [{"vendor": "TYPO3", "product": "typo3", "versions": [{"version": ">= 8.0.0, < 8.7.49", "status": "affected"}, {"version": ">= 9.0.0, < 9.5.38", "status": "affected"}, {"version": ">= 10.0.0, < 10.4.33", "status": "affected"}, {"version": ">= 11.0.0, < 11.5.20", "status": "affected"}, {"version": ">= 12.0.0, < 12.1.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2022-12-14T07:51:03.984Z"}, "descriptions": [{"lang": "en", "value": "TYPO3 is an open source PHP based web content management system. Versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are vulnerable to Code Injection. Due to the lack of separating user-submitted data from the internal configuration in the Form Designer backend module, it is possible to inject code instructions to be processed and executed via TypoScript as PHP code. The existence of individual TypoScript instructions for a particular form item and a valid backend user account with access to the form module are needed to exploit this vulnerability. This issue is patched in versions 8.7.49 ELTS, 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1."}], "source": {"advisory": "GHSA-c5wx-6c2c-f7rm", "discovery": "UNKNOWN"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "matchCriteriaId": "BF93898C-EDE9-4B25-A859-6BF216B87D9D", "versionEndExcluding": "8.7.49", "versionStartIncluding": "8.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "matchCriteriaId": "B6D362D0-52EC-4A95-B01D-EF310ADD8C4F", "versionEndExcluding": "9.5.38", "versionStartIncluding": "9.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "matchCriteriaId": "E1FC0F47-4C30-4162-8A7E-3C427D1C3596", "versionEndExcluding": "10.4.33", "versionStartIncluding": "10.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "matchCriteriaId": "ED21674D-027A-4DDC-AAD5-B7D58B309171", "versionEndExcluding": "11.5.20", "versionStartIncluding": "11.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "matchCriteriaId": "EF9BE74F-BB15-48C5-AF1E-7B4197AE8F5B", "versionEndExcluding": "12.1.1", "versionStartIncluding": "12.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "TYPO3 is an open source PHP based web content management system. Versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are vulnerable to Code Injection. Due to the lack of separating user-submitted data from the internal configuration in the Form Designer backend module, it is possible to inject code instructions to be processed and executed via TypoScript as PHP code. The existence of individual TypoScript instructions for a particular form item and a valid backend user account with access to the form module are needed to exploit this vulnerability. This issue is patched in versions 8.7.49 ELTS, 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1."}, {"lang": "es", "value": "TYPO3 es un sistema de gesti\u00f3n de contenidos web basado en PHP de c\u00f3digo abierto. Las versiones anteriores a 8.7.49, 9.5.38, 10.4.33, 11.5.20 y 12.1.1 son vulnerables a la inyecci\u00f3n de c\u00f3digo. Debido a la falta de separaci\u00f3n de los datos enviados por el usuario de la configuraci\u00f3n interna en el m\u00f3dulo backend de Form Designer, es posible inyectar instrucciones de c\u00f3digo para procesarlas y ejecutarlas a trav\u00e9s de TypoScript como c\u00f3digo PHP. Para aprovechar esta vulnerabilidad se necesita la existencia de instrucciones TypoScript individuales para un elemento de formulario en particular y una cuenta de usuario backend v\u00e1lida con acceso al m\u00f3dulo de formulario. Este problema se solucion\u00f3 en las versiones 8.7.49 ELTS, 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1."}], "id": "CVE-2022-23503", "lastModified": "2022-12-16T17:53:46.833", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2022-12-14T08:15:10.700", "references": [{"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-c5wx-6c2c-f7rm"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "security-advisories@github.com", "type": "Primary"}]}

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

JSON object

JSON object

JSON object