Vulnerability Database

313,825

Total vulnerabilities in the database

CVE-2023-30451

In TYPO3 11.5.24, the filelist component allows attackers (who have access to the administrator panel) to read arbitrary files via directory traversal in the baseuri field, as demonstrated by POST /typo3/record/edit with ../../../ in data[sys_file_storage]*[data][sDEF][lDEF][basePath][vDEF].

Published: Dec 25, 2023
Updated: Nov 16, 2025
CVE: CVE-2023-30451
GHSA: GHSA-3gjc-mp82-fj4q
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.9
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
typo3 / typo3	11.5.24	11.5.24.x
typo3 / cms-core	8.0.0	8.7.57
typo3 / cms-core	9.0.0	9.5.46
typo3 / cms-core	10.0.0	10.4.43
typo3 / cms-core	11.0.0	11.5.35
typo3 / cms-core	12.0.0	12.4.11
typo3 / cms-core	13.0.0	13.0.0.x
typo3 / cms-core	13.0.0	13.0.1

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo