TYPO3 before 13.0.1 allows an authenticated admin user (with system maintainer privileges) to execute arbitrary shell commands (with the privileges of the web server) via a command injection vulnerability in form fields of the Install Tool. The fixed versions are 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, and 13.0.1.
Configurations
No configuration.
History
21 Nov 2024, 08:55
Type | Values Removed | Values Added |
---|---|---|
References | | |
References | https://github.com/TYPO3/typo3/security/advisories/GHSA-5w2h-59j3-8x5w | |
References | https://typo3.org/security/advisory/typo3-core-sa-2024-002 | |
07 Oct 2024, 19:36
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-94 |
04 Oct 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
28 Aug 2024, 15:35
Type | Values Removed | Values Added |
---|---|---|
CVSS | v2 : v3 : | v2 : unknown; v3 : 7.2 |
CWE | CWE-77 | |
Summary | | |
05 Mar 2024, 02:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-03-05 02:15
Updated : 2024-11-21 08:55
NVD link : CVE-2024-22188
Mitre link : CVE-2024-22188
CVE.ORG link : CVE-2024-22188
Products Affected
No product.
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')