Vulnerabilities > CVE-2023-38499 - Unspecified vulnerability in Typo3

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

typo3

NVD

Published: 2023-07-25

Updated: 2023-08-02

Summary

TYPO3 is an open source PHP based web content management system. Starting in version 9.4.0 and prior to versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, and 12.4.4, in multi-site scenarios, enumerating the HTTP query parameters `id` and `L` allowed out-of-scope access to rendered content in the website frontend. For instance, this allowed visitors to access content of an internal site by adding handcrafted query parameters to the URL of a site that was publicly available. TYPO3 versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, 12.4.4 fix the problem.

Vulnerable Configurations

Part	Description	Count
Application	Typo3 Typo3 Typo3 12.0.0 Typo3 Typo3 12.1.0 Typo3 Typo3 12.1.1 Typo3 Typo3 11.0.0 Typo3 Typo3 11.0.2 Typo3 Typo3 11.0.3 Typo3 Typo3 11.1.0 Typo3 Typo3 11.1.1 Typo3 Typo3 11.2.0 Typo3 Typo3 11.3.0 Typo3 Typo3 11.3.1 Typo3 Typo3 11.3.2 Typo3 Typo3 11.3.3 Typo3 Typo3 11.4.0 Typo3 Typo3 11.5.0 Typo3 Typo3 11.5.10 Typo3 Typo3 11.5.11 Typo3 Typo3 11.5.15 Typo3 Typo3 11.5.19 Typo3 Typo3 11.5.20 Typo3 Typo3 10.0.0 Typo3 Typo3 10.0.9 Typo3 Typo3 10.0.10 Typo3 Typo3 10.1.0 Typo3 Typo3 10.2.0 Typo3 Typo3 10.2.1 Typo3 Typo3 10.2.2 Typo3 Typo3 10.3.0 Typo3 Typo3 10.4.0 Typo3 Typo3 10.4.1 Typo3 Typo3 10.4.2 Typo3 Typo3 10.4.3 Typo3 Typo3 10.4.4 Typo3 Typo3 10.4.5 Typo3 Typo3 10.4.6 Typo3 Typo3 10.4.10 Typo3 Typo3 10.4.13 Typo3 Typo3 10.4.14 Typo3 Typo3 10.4.15 Typo3 Typo3 10.4.16 Typo3 Typo3 10.4.17 Typo3 Typo3 10.4.18 Typo3 Typo3 10.4.19 Typo3 Typo3 10.4.20 Typo3 Typo3 10.4.21 Typo3 Typo3 10.4.28 Typo3 Typo3 10.4.29 Typo3 Typo3 10.4.31 Typo3 Typo3 10.4.32 Typo3 Typo3 10.4.33 Typo3 Typo3 9.4.0 Typo3 Typo3 9.5.1 Typo3 Typo3 9.5.2 Typo3 Typo3 9.5.3 Typo3 Typo3 9.5.4 Typo3 Typo3 9.5.5 Typo3 Typo3 9.5.6 Typo3 Typo3 9.5.7 Typo3 Typo3 9.5.8 Typo3 Typo3 9.5.9 Typo3 Typo3 9.5.10 Typo3 Typo3 9.5.11 Typo3 Typo3 9.5.12 Typo3 Typo3 9.5.13 Typo3 Typo3 9.5.14 Typo3 Typo3 9.5.15 Typo3 Typo3 9.5.16 Typo3 Typo3 9.5.17 Typo3 Typo3 9.5.18 Typo3 Typo3 9.5.19 Typo3 Typo3 9.5.20 Typo3 Typo3 9.5.23 Typo3 Typo3 9.5.24 Typo3 Typo3 9.5.25 Typo3 Typo3 9.5.34 Typo3 Typo3 9.5.35 Typo3 Typo3 9.5.36 Typo3 Typo3 9.5.37 Typo3 Typo3 9.5.38	81

Summary

Vulnerable Configurations

References