TYPO3 before 13.0.1 allows an authenticated admin user (with system maintainer privileges) to execute arbitrary shell commands (with the privileges of the web server) via a command injection vulnerability in form fields of the Install Tool. The fixed versions are 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, and 13.0.1.
History

Fri, 22 Nov 2024 12:00:00 +0000

Type Values Removed Values Added
References

Mon, 07 Oct 2024 20:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-77

Mon, 07 Oct 2024 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Typo3
Typo3 typo3
Weaknesses CWE-94
CPEs cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*
Vendors & Products Typo3
Typo3 typo3
References
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 28 Aug 2024 16:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-77
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-03-05T00:00:00

Updated: 2024-10-07T14:25:08.658Z

Reserved: 2024-01-06T00:00:00

Link: CVE-2024-22188

cve-icon Vulnrichment

Updated: 2024-08-01T22:35:34.867Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-03-05T02:15:27.443

Modified: 2024-11-21T08:55:45.287

Link: CVE-2024-22188

cve-icon Redhat

No data.