Vulnerabilities > Typo3 > Critical

DATE | CVE | VULNERABILITY TITLE | RISK

2020-05-14 | CVE-2020-11066 | Unspecified vulnerability in Typo3 | critical 10.0
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, calling unserialize() on malicious user-submitted content can lead to modification of dynamically-determined object attributes and result in triggering deletion of an arbitrary directory in the file system, if it is writable for the web server.
network, low complexity | typo3

2019-11-05 | CVE-2010-3671 | Session Fixation vulnerability in Typo3 | critical 9.4
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 is open to a session fixation attack which allows remote attackers to hijack a victim's session.
network, low complexity | typo3 | CWE-384

2019-05-09 | CVE-2019-11832 | Improper Input Validation vulnerability in Typo3 | critical 9.3
TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 allows remote code execution because it does not properly configure the applications used for image processing, as demonstrated by ImageMagick or GraphicsMagick.
network | typo3 | CWE-20

2019-05-09 | CVE-2019-11831 | Deserialization of Untrusted Data vulnerability in multiple products | critical 9.8
The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/bad.phar/../good.phar URL.
network, low complexity | typo3 debian fedoraproject drupal joomla | CWE-502

2019-05-09 | CVE-2019-11830 | Deserialization of Untrusted Data vulnerability in Typo3 Pharstreamwrapper | critical 9.8
PharMetaDataInterceptor in the PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 mishandles Phar stub parsing, which allows attackers to bypass a deserialization protection mechanism.
network, low complexity | typo3 | CWE-502

2013-10-28 | CVE-2013-6288 | Cross Site Scripting and PHP Code Execution vulnerability in TYPO3 Apache Solr | critical 10.0
Unspecified vulnerability in the Apache Solr for TYPO3 (solr) extension before 2.8.3 for TYPO3 has unknown impact and remote attack vectors, related to "Insecure Unserialize."
network, low complexity | ingo-renner typo3

2013-08-16 | CVE-2013-5303 | Security vulnerability in TYPO3 Store Locator Extension | critical 10.0
Unspecified vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 has unknown impact and remote attack vectors, related to "Insecure Unserialize."
network, low complexity | joachim-ruhs typo3

2011-10-09 | CVE-2010-4953 | Unspecified vulnerability in JW Calendar JW Calendar | critical 10.0
Unspecified vulnerability in the JW Calendar (jw_calendar) extension 1.3.20 and earlier for TYPO3 allows remote attackers to execute arbitrary code via unknown vectors.
network, low complexity | jw-calendar typo3

2011-10-07 | CVE-2010-4889 | Unspecified vulnerability in Marco Hezel HM Tinymarket | critical 10.0
Unspecified vulnerability in the Tiny Market (hm_tinymarket) extension 0.5.4 and earlier for TYPO3 allows attackers to execute arbitrary code via unknown vectors.
network, low complexity | marco-hezel typo3

2010-07-22 | CVE-2009-4952 | Path Traversal vulnerability in Serge Gebhardt DIR Listing | critical 10.0
Directory traversal vulnerability in the Directory Listing (dir_listing) extension 1.1.0 and earlier for TYPO3 allows remote attackers to have an unspecified impact via unknown vectors.
network, low complexity | serge-gebhardt typo3 | CWE-22