CVE-2010-1153 – typo3/cms

Package

Manager: composer
Name: typo3/cms
Vulnerable Version: >=4.3.0 <4.3.3

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:H/RL:U/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

EPSS: 0.00602 pctl0.68569

Details

TYPO3 PHP remote file inclusion vulnerability PHP remote file inclusion vulnerability in the autoloader in TYPO3 4.3.x before 4.3.3 allows remote attackers to execute arbitrary PHP code via a URL in an input field associated with the className variable.

Metadata

Created: 2022-05-02T06:19:32Z
Modified: 2025-04-11T19:59:37Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-4h9j-f98m-p4hg/GHSA-4h9j-f98m-p4hg.json
CWE IDs: ["CWE-94"]
Alternative ID: GHSA-4h9j-f98m-p4hg
Finding: F422
Auto approve: 1