Vulnerabilities > Typo3 > High

DATE CVE VULNERABILITY TITLE RISK
2024-02-13 CVE-2024-25121 Unspecified vulnerability in Typo3
TYPO3 is an open source PHP based web content management system released under the GNU GPL.
network
low complexity
typo3
7.1
7.1
2021-03-23 CVE-2021-21355 Files or Directories Accessible to External Parties vulnerability in Typo3
TYPO3 is an open source PHP based web content management system.
network
low complexity
typo3 CWE-552
7.5
7.5
2020-07-29 CVE-2020-15086 Unspecified vulnerability in Typo3 Mediace 7.6.2/7.6.3/7.6.4
In TYPO3 installations with the "mediace" extension from version 7.6.2 and before version 7.6.5, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums.
network
low complexity
typo3
7.5
7.5
2019-11-26 CVE-2011-3583 SQL Injection vulnerability in Typo3
It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability.
network
low complexity
typo3 CWE-89
7.5
7.5
2019-11-06 CVE-2011-4628 Improper Authentication vulnerability in Typo3
TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to bypass authentication mechanisms in the backend through a crafted request.
network
low complexity
typo3 CWE-287
7.5
7.5
2019-07-09 CVE-2019-12747 Deserialization of Untrusted Data vulnerability in Typo3
TYPO3 8.x through 8.7.26 and 9.x through 9.5.7 allows Deserialization of Untrusted Data.
network
low complexity
typo3 CWE-502
8.8
8.8
2015-01-04 CVE-2014-9509 Improper Input Validation vulnerability in Typo3
The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set to all or cached, allows remote attackers to have an unspecified impact (possibly resource consumption) via a "Cache Poisoning" attack using a URL with arbitrary arguments, which triggers a reload of the page.
network
low complexity
typo3 CWE-20
7.5
7.5
2013-08-23 CVE-2013-5569 SQL Injection vulnerability in Heiko Sudar Slideshare 0.1.0
SQL injection vulnerability in the Slideshare extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
heiko-sudar typo3 CWE-89
7.5
7.5
2013-08-20 CVE-2013-5322 SQL Injection vulnerability in JAN Bednarik Cooluri
SQL injection vulnerability in the CoolURI extension before 1.0.30 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
jan-bednarik typo3 CWE-89
7.5
7.5
2013-08-16 CVE-2013-5310 SQL Injection vulnerability in Mauro Lorenzutti Wfqbe 1.3.1/2.0.0
SQL injection vulnerability in the DB Integration (wfqbe) extension before 2.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
mauro-lorenzutti typo3 CWE-89
7.5
7.5