CVE-2010-5101 – typo3/cms

Package

Manager: composer
Name: typo3/cms
Vulnerable Version: >=4.2.0 <4.2.16 || >=4.3.0 <4.3.9 || >=4.4.0 <4.4.5

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U

EPSS: 0.00456 pctl0.63016

Details

TYPO3 Directory Traversal vulnerability Directory traversal vulnerability in the TypoScript setup in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated administrators to read arbitrary files via unspecified vectors related to the "file inclusion functionality."

Metadata

Created: 2022-05-17T01:55:58Z
Modified: 2025-04-12T02:29:03Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-rmqc-wfjm-3f66/GHSA-rmqc-wfjm-3f66.json
CWE IDs: ["CWE-22"]
Alternative ID: GHSA-rmqc-wfjm-3f66
Finding: F063
Auto approve: 1