CVE-2024-22188

TYPO3 before 13.0.1 allows an authenticated admin user (with system maintainer privileges) to execute arbitrary shell commands (with the privileges of the web server) via a command injection vulnerability in form fields of the Install Tool. The fixed versions are 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, and 13.0.1.
Configurations

No configuration.

History

21 Nov 2024, 08:55

Type Values Removed Values Added
References
  • () https://typo3.org/help/security-advisories -
References () https://github.com/TYPO3/typo3/security/advisories/GHSA-5w2h-59j3-8x5w - () https://github.com/TYPO3/typo3/security/advisories/GHSA-5w2h-59j3-8x5w -
References () https://typo3.org/security/advisory/typo3-core-sa-2024-002 - () https://typo3.org/security/advisory/typo3-core-sa-2024-002 -

07 Oct 2024, 19:36

Type Values Removed Values Added
CWE CWE-77 CWE-94

04 Oct 2024, 19:15

Type Values Removed Values Added
References
  • {'url': 'https://typo3.org/help/security-advisories', 'source': 'cve@mitre.org'}

28 Aug 2024, 15:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.2
CWE CWE-77
Summary
  • (es) TYPO3 anterior a 13.0.1 permite a un usuario administrador autenticado (con privilegios de mantenimiento del sistema) ejecutar comandos de shell arbitrarios (con los privilegios del servidor web) a través de una vulnerabilidad de inyección de comandos en los campos de formulario de la herramienta de instalación. Las versiones fijas son 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS y 13.0.1.

05 Mar 2024, 02:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-03-05 02:15

Updated : 2024-11-21 08:55


NVD link : CVE-2024-22188

Mitre link : CVE-2024-22188

CVE.ORG link : CVE-2024-22188


JSON object : View

Products Affected

No product.

CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')