Vulnerability Database
290,020
Total vulnerabilities in the database
TYPO3 Security Misconfiguration in User Session Handling
When users change their password existing sessions for that particular user account are not revoked. A valid backend or frontend user account is required in order to make use of this vulnerability.
| Software | From | Fixed in |
|---|---|---|
typo3 / cms-core
|
8.0.0 | 8.7.25 |
|
typo3 / cms-core
|
9.0.0 | 9.5.6 |
- https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/2019-05-07-2.yaml
- https://github.com/TYPO3-CMS/core/commit/437bf78c0ef64a059c7feaa5164f6f028507b425
- https://github.com/TYPO3-CMS/core/commit/e21f0e5d29b68a7e64448762b3f86ac24d36627f
- https://typo3.org/security/advisory/typo3-core-sa-2019-011