CVE-2016-5091 – typo3/cms-extbase

Package

Manager: composer
Name: typo3/cms-extbase
Vulnerable Version: >=0 <6.2.24 || >=7.0 <7.6.8 || =8.1.1

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.02533 pctl0.8488

Details

Extbase for TYPO3 allows RCE Extbase in TYPO3 4.3.0 before 6.2.24, 7.x before 7.6.8, and 8.1.1 allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted Extbase action.

Metadata

Created: 2022-05-17T03:02:43Z
Modified: 2023-07-31T21:01:24Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-jxg5-35fj-ccwf/GHSA-jxg5-35fj-ccwf.json
CWE IDs: []
Alternative ID: GHSA-jxg5-35fj-ccwf
Finding: F422
Auto approve: 1