Vulnerabilities > Typo3 > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-05-14 | CVE-2020-11066 | **Unspecified vulnerability in Typo3**: In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, calling unserialize() on malicious user-submitted content can lead to modification of dynamically-determined object attributes and result in triggering deletion of an arbitrary directory in the file system, if it is writable for the web server. | 10.0 |
2019-11-05 | CVE-2010-3671 | **Session Fixation vulnerability in Typo3**: TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 is open to a session fixation attack which allows remote attackers to hijack a victim's session. | 9.4 |
2019-05-09 | CVE-2019-11832 | **Improper Input Validation vulnerability in Typo3**: TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 allows remote code execution because it does not properly configure the applications used for image processing, as demonstrated by ImageMagick or GraphicsMagick. | 9.3 |
2019-05-09 | CVE-2019-11831 | **Deserialization of Untrusted Data vulnerability in multiple products**: The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/bad.phar/../good.phar URL. | 9.8 |
2019-05-09 | CVE-2019-11830 | **Deserialization of Untrusted Data vulnerability in Typo3 Pharstreamwrapper**: PharMetaDataInterceptor in the PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 mishandles Phar stub parsing, which allows attackers to bypass a deserialization protection mechanism. | 9.8 |
2013-10-28 | CVE-2013-6288 | **Cross Site Scripting and PHP Code Execution vulnerability in TYPO3 Apache Solr**: Unspecified vulnerability in the Apache Solr for TYPO3 (solr) extension before 2.8.3 for TYPO3 has unknown impact and remote attack vectors, related to "Insecure Unserialize." | 10.0 |
2013-08-16 | CVE-2013-5303 | **Security vulnerability in TYPO3 Store Locator Extension**: Unspecified vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 has unknown impact and remote attack vectors, related to "Insecure Unserialize." | 10.0 |
2011-10-09 | CVE-2010-4953 | **Unspecified vulnerability in JW Calendar JW Calendar**: Unspecified vulnerability in the JW Calendar (jw_calendar) extension 1.3.20 and earlier for TYPO3 allows remote attackers to execute arbitrary code via unknown vectors. | 10.0 |
2011-10-07 | CVE-2010-4889 | **Unspecified vulnerability in Marco Hezel HM Tinymarket**: Unspecified vulnerability in the Tiny Market (hm_tinymarket) extension 0.5.4 and earlier for TYPO3 allows attackers to execute arbitrary code via unknown vectors. | 10.0 |
2010-07-22 | CVE-2009-4952 | **Path Traversal vulnerability in Serge Gebhardt DIR Listing**: Directory traversal vulnerability in the Directory Listing (dir_listing) extension 1.1.0 and earlier for TYPO3 allows remote attackers to have an unspecified impact via unknown vectors. | 10.0 |