Vulnerability Database

313,825

Total vulnerabilities in the database

TYPO3 may allow editors to change, create, or delete metadata of files not within their file mounts

It has been discovered, that editors with access to file meta data table could change, create or delete metadata of files which are not within their file mounts.

Published: May 30, 2024
Updated: Jun 27, 2024
GHSA: GHSA-4r76-xr68-w7m7
Severity: High
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-269

Affected Software
References

Software	From	Fixed in
typo3 / cms	6.2.0	6.2.14
typo3 / cms	7.0.0	7.3.1

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2015-07-01-1.yaml
https://github.com/TYPO3/typo3/commit/0decbf83c531cab77497429eb2edecf9a1038b25
https://github.com/TYPO3/typo3/commit/bff9fa5945801d1d2c641ddc8eb86c6647549d80
https://typo3.org/security/advisory/typo3-core-sa-2015-002
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-002

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo