The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to determine an encryption key via crafted input to a tt_content form element.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 01:07
Type | Values Removed | Values Added |
---|---|---|
References | () http://marc.info/?l=oss-security&m=125632856206736&w=2 - | |
References | () http://secunia.com/advisories/37122 - Vendor Advisory | |
References | () http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016 - Vendor Advisory | |
References | () http://www.securityfocus.com/bid/36801 - Patch | |
References | () http://www.vupen.com/english/advisories/2009/3009 - Vendor Advisory | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/53917 - |
Information
Published : 2009-11-02 15:30
Updated : 2024-11-21 01:07
NVD link : CVE-2009-3628
Mitre link : CVE-2009-3628
CVE.ORG link : CVE-2009-3628
JSON object : View
Products Affected
typo3
- typo3
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor