- EPSS 0.28%
- Published 03.06.2014 14:55:10
- Last modified 12.04.2025 10:46:40
TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allows remote attackers to have unspecified impact via a crafted HTTP Host header, related to "Host Spoofing."
- EPSS 0.44%
- Published 03.06.2014 14:55:10
- Last modified 12.04.2025 10:46:40
The Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, and 6.1.0 before 6.1.9 allows remote authenticated editors to execute arbitrary PHP code via a serialized PHP object.
- EPSS 0.18%
- Published 20.05.2014 14:55:04
- Last modified 12.04.2025 10:46:40
The Backend History Module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 does not properly restrict access, which allows remote authenticated editors to read the history of arbitrary records via a crafted URL.
CVE-2013-4250
- EPSS 0.39%
- Published 20.05.2014 14:55:04
- Last modified 12.04.2025 10:46:40
The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file extensions, which allows remote authenticated editors to execute arbitrary PHP code by uploading a .php fi...
CVE-2013-4320
- EPSS 0.13%
- Published 20.05.2014 14:55:04
- Last modified 12.04.2025 10:46:40
The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.9 and 6.1.x before 6.1.4 does not properly check permissions, which allows remote authenticated users to create or read arbitrary files via a crafted URL.
CVE-2013-4321
- EPSS 0.49%
- Published 20.05.2014 14:55:04
- Last modified 12.04.2025 10:46:40
The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.4 allows remote authenticated editors to execute arbitrary PHP code via unspecified characters in the file extension when renaming a file. NOTE: this vulnerability exi...
CVE-2013-7078
- EPSS 0.49%
- Published 19.01.2014 18:55:05
- Last modified 11.04.2025 00:51:21
Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in the Extbase Framework in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6, when the Rewritten Prop...
- EPSS 0.28%
- Published 23.12.2013 23:55:04
- Last modified 11.04.2025 00:51:21
The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via u...
CVE-2013-7075
- EPSS 0.41%
- Published 23.12.2013 23:55:04
- Last modified 11.04.2025 00:51:21
The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possi...
CVE-2013-7079
- EPSS 0.29%
- Published 23.12.2013 23:55:04
- Last modified 11.04.2025 00:51:21
Open redirect vulnerability in the OpenID extension in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via u...