TYPO3 before 13.0.1 allows an authenticated admin user (with system maintainer privileges) to execute arbitrary shell commands (with the privileges of the web server) via a command injection vulnerability in form fields of the Install Tool. The fixed versions are 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, and 13.0.1.
Metrics
Affected Vendors & Products
References
History
Fri, 22 Nov 2024 12:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Mon, 07 Oct 2024 20:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-77 |
Mon, 07 Oct 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Typo3
Typo3 typo3 |
|
Weaknesses | CWE-94 | |
CPEs | cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:* | |
Vendors & Products |
Typo3
Typo3 typo3 |
|
References |
|
|
Metrics |
ssvc
|
Wed, 28 Aug 2024 16:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-77 | |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-03-05T00:00:00
Updated: 2024-10-07T14:25:08.658Z
Reserved: 2024-01-06T00:00:00
Link: CVE-2024-22188
Vulnrichment
Updated: 2024-08-01T22:35:34.867Z
NVD
Status : Awaiting Analysis
Published: 2024-03-05T02:15:27.443
Modified: 2024-11-21T08:55:45.287
Link: CVE-2024-22188
Redhat
No data.