Vulnerabilities > Typo3 > High

DATE CVE VULNERABILITY TITLE RISK
2021-03-23 CVE-2021-21355 Files or Directories Accessible to External Parties vulnerability in Typo3
TYPO3 is an open source PHP based web content management system.
network | low complexity | typo3 CWE-552 | Risk: 7.5

2020-07-29 CVE-2020-15086 Unspecified vulnerability in Typo3 Mediace 7.6.2/7.6.3/7.6.4
In TYPO3 installations with the "mediace" extension from version 7.6.2 and before version 7.6.5, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums.
network | low complexity | typo3 | Risk: 7.5

2019-11-26 CVE-2011-3583 SQL Injection vulnerability in Typo3
It was found that Typo3 Core versions 4.5.0 - 4.5.5 use prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability.
network | low complexity | typo3 CWE-89 | Risk: 7.5

2019-11-06 CVE-2011-4628 Improper Authentication vulnerability in Typo3
TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to bypass authentication mechanisms in the backend through a crafted request.
network | low complexity | typo3 CWE-287 | Risk: 7.5

2019-07-09 CVE-2019-12747 Deserialization of Untrusted Data vulnerability in Typo3
TYPO3 8.x through 8.7.26 and 9.x through 9.5.7 allows Deserialization of Untrusted Data.
network | low complexity | typo3 CWE-502 | Risk: 8.8

2015-01-04 CVE-2014-9509 Improper Input Validation vulnerability in Typo3
The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set to all or cached, allows remote attackers to have an unspecified impact (possibly resource consumption) via a "Cache Poisoning" attack using a URL with arbitrary arguments, which triggers a reload of the page.
network | low complexity | typo3 CWE-20 | Risk: 7.5

2013-08-23 CVE-2013-5569 SQL Injection vulnerability in Heiko Sudar Slideshare 0.1.0
SQL injection vulnerability in the Slideshare extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network | low complexity | heiko-sudar typo3 CWE-89 | Risk: 7.5

2013-08-20 CVE-2013-5322 SQL Injection vulnerability in JAN Bednarik Cooluri
SQL injection vulnerability in the CoolURI extension before 1.0.30 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network | low complexity | jan-bednarik typo3 CWE-89 | Risk: 7.5

2013-08-16 CVE-2013-5310 SQL Injection vulnerability in Mauro Lorenzutti Wfqbe 1.3.1/2.0.0
SQL injection vulnerability in the DB Integration (wfqbe) extension before 2.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network | low complexity | mauro-lorenzutti typo3 CWE-89 | Risk: 7.5

2013-08-16 CVE-2013-5306 SQL Injection vulnerability in Die-Netzmacher Browser 4.5.0/4.5.2
SQL injection vulnerability in the Browser - TYPO3 without PHP (browser) extension before 4.5.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network | low complexity | die-netzmacher typo3 CWE-89 | Risk: 7.5