Summary
TYPO3 is installed on this host and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to steal the victim's cookie-based authentication credentials or execute arbitrary code.
Impact Level: System/Application
Solution
Upgrade to TYPO3 version 4.1.13, 4.2.10, 4.3beta2 or later. For updates, refer to http://typo3.org/
Insight
Multiple errors exist in the application:
- Multiple errors in the Backend subcomponent, which fails to validate user-supplied input properly.
- An error exists in Frontend Editing, which fails to sanitize URL parameters properly.
- An error exists in the API function t3lib_div::quoteJSvalue, which fails to validate user-supplied input properly.
- Multiple errors exist in the Install Tool, which allow login with a known MD5 hash of the Install Tool password.
Affected
TYPO3 versions 4.0.13 and below, 4.1.0 to 4.1.12, 4.2.0 to 4.2.9 and 4.3.0beta1
Detection
Get the installed version with the help of the detect NVT and check whether the version is vulnerable.
References
Severity
Classification
- CVE: CVE-2009-3628, CVE-2009-3629, CVE-2009-3630, CVE-2009-3631, CVE-2009-3632, CVE-2009-3633, CVE-2009-3635, CVE-2009-3636
- CVSS Base Score: 8.5
- CVSS Base Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C