logo

Database

Business information leak In typo3/cms

Description

TYPO3 Information Disclosure Vulnerability Exploitable by Editors It has been discovered, that editors with access to the file list module could list all files names and folder names in the root directory of a TYPO3 installation. Modification of files, listing further nested directories or retrieving file contents was not possible. A valid backend user account is needed to exploit this vulnerability.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. GCVE-GHSA-r287-hc8j-w56h

References

1. https://github.com/TYPO3/typo3/commit/d9caccb26c954834e7d43fbbe84a3130cc95524a2. https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2015-07-01-4.yaml3. https://typo3.org/security/advisory/typo3-core-sa-2015-0054. https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-005

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.