Vulnerabilities > Typo3 > High

DATE CVE VULNERABILITY TITLE RISK
2020-07-29 CVE-2020-15099 Improper Input Validation vulnerability in Typo3
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, in a case where an attacker manages to generate a valid cryptographic message authentication code (HMAC-SHA1) - either by using a different existing vulnerability or in case the internal encryptionKey was exposed - it is possible to retrieve arbitrary files of a TYPO3 installation.
network
high complexity
typo3 CWE-20
8.1
2020-07-29 CVE-2020-15098 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Typo3
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums.
network
low complexity
typo3 CWE-327
8.8
2020-05-14 CVE-2020-11069 Unspecified vulnerability in Typo3
In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that the backend user interface and install tool are vulnerable to a same-site request forgery.
network
low complexity
typo3
8.8
2020-05-14 CVE-2020-11067 Deserialization of Untrusted Data vulnerability in Typo3
In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that backend user settings (in $BE_USER->uc) are vulnerable to insecure deserialization.
network
low complexity
typo3 CWE-502
8.8
2019-12-17 CVE-2019-19850 SQL Injection vulnerability in Typo3
An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2.
network
low complexity
typo3 CWE-89
7.2
2019-12-17 CVE-2019-19849 Deserialization of Untrusted Data vulnerability in Typo3
An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2.
network
low complexity
typo3 CWE-502
8.8
2019-12-17 CVE-2019-19848 Path Traversal vulnerability in Typo3
An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2.
network
low complexity
typo3 CWE-22
7.2
2019-11-04 CVE-2010-3668 Injection vulnerability in Typo3
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Header Injection in the secure download feature jumpurl.
network
low complexity
typo3 CWE-74
7.5
2019-11-04 CVE-2010-3663 Unrestricted Upload of File with Dangerous Type vulnerability in Typo3
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend.
network
low complexity
typo3 CWE-434
8.8
2019-11-04 CVE-2010-3662 SQL Injection vulnerability in Typo3
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows SQL Injection on the backend.
network
low complexity
typo3 CWE-89
8.8