CVE-2009-3635 – typo3/cms

Package

Manager: composer
Name: typo3/cms
Vulnerable Version: >=0 <=4.0.13 || >=4.1.0 <4.1.13 || >=4.2.0 <4.2.10 || >=4.3beta1 <4.3beta2

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:U/RC:R

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

EPSS: 0.01041 pctl0.76606

Details

TYPO3 Install Tool Subcomponent Allows Access Using Only a Password's MD5 Hash as a Credential The Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to gain access by using only the password's md5 hash as a credential.

Metadata

Created: 2022-05-02T03:47:10Z
Modified: 2025-04-10T12:20:56Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hwrc-w5gg-f335/GHSA-hwrc-w5gg-f335.json
CWE IDs: ["CWE-287"]
Alternative ID: GHSA-hwrc-w5gg-f335
Finding: F006
Auto approve: 1