CVE-2010-3714

The jumpUrl (aka access tracking) implementation in tslib/class.tslib_fe.php in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly compare certain hash values during access-control decisions, which allows remote attackers to read arbitrary files via unspecified vectors.

Published: Oct 25, 2010
Updated: Apr 13, 2023
CVE: CVE-2010-3714
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.1
AV:N/AC:M/Au:N/C:C/I:N/A:N

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
typo3 / typo3	4.2.10	4.2.10.x
typo3 / typo3	4.3.6	4.3.6.x
typo3 / typo3	4.2.14	4.2.14.x
typo3 / typo3	4.3.5	4.3.5.x
typo3 / typo3	4.2.4	4.2.4.x
typo3 / typo3	4.2.5	4.2.5.x
typo3 / typo3	4.2.11	4.2.11.x
typo3 / typo3	4.2.0	4.2.0.x
typo3 / typo3	4.2.8	4.2.8.x
typo3 / typo3	4.2.13	4.2.13.x
typo3 / typo3	4.2.3	4.2.3.x
typo3 / typo3	4.2.1	4.2.1.x
typo3 / typo3	4.3.2	4.3.2.x
typo3 / typo3	4.4.1	4.4.1.x
typo3 / typo3	4.4.2	4.4.2.x
typo3 / typo3	4.2.12	4.2.12.x
typo3 / typo3	4.2.6	4.2.6.x
typo3 / typo3	4.3.0	4.3.0.x
typo3 / typo3	4.2.2	4.2.2.x
typo3 / typo3	4.3.3	4.3.3.x
typo3 / typo3	4.3.4	4.3.4.x
typo3 / typo3	4.4	4.4.x
typo3 / typo3	4.3.1	4.3.1.x
typo3 / typo3	4.2.7	4.2.7.x
typo3 / typo3	4.4.3	4.4.3.x
typo3 / typo3	4.2.9	4.2.9.x

Vulnerability Database

290,020

CVE-2010-3714