CVE-2010-5101

Directory traversal vulnerability in the TypoScript setup in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated administrators to read arbitrary files via unspecified vectors related to the "file inclusion functionality."

Published: May 21, 2012
Updated: Apr 13, 2023
CVE: CVE-2010-5101
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
typo3 / typo3	4.2.10	4.2.10.x
typo3 / typo3	4.3.6	4.3.6.x
typo3 / typo3	4.2.14	4.2.14.x
typo3 / typo3	4.3.5	4.3.5.x
typo3 / typo3	4.3.8	4.3.8.x
typo3 / typo3	4.2.4	4.2.4.x
typo3 / typo3	4.2.5	4.2.5.x
typo3 / typo3	4.2.15	4.2.15.x
typo3 / typo3	4.2.11	4.2.11.x
typo3 / typo3	4.2.0	4.2.0.x
typo3 / typo3	4.3.7	4.3.7.x
typo3 / typo3	4.2.8	4.2.8.x
typo3 / typo3	4.2.13	4.2.13.x
typo3 / typo3	4.2.3	4.2.3.x
typo3 / typo3	4.4.4	4.4.4.x
typo3 / typo3	4.2.1	4.2.1.x
typo3 / typo3	4.3.2	4.3.2.x
typo3 / typo3	4.4.1	4.4.1.x
typo3 / typo3	4.4.2	4.4.2.x
typo3 / typo3	4.2.12	4.2.12.x
typo3 / typo3	4.2.6	4.2.6.x
typo3 / typo3	4.3.0	4.3.0.x
typo3 / typo3	4.2.2	4.2.2.x
typo3 / typo3	4.3.3	4.3.3.x
typo3 / typo3	4.3.4	4.3.4.x
typo3 / typo3	4.3.1	4.3.1.x
typo3 / typo3	4.2.7	4.2.7.x
typo3 / typo3	4.4.3	4.4.3.x
typo3 / typo3	4.2.9	4.2.9.x

Vulnerability Database

290,020

CVE-2010-5101