Description

The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to determine an encryption key via crafted input to a tt_content form element.

Remediation

References

CVE-2009-3628

Related Vulnerabilities

Microsoft SQL Server CVE-2024-0056 Vulnerability (CVE-2024-0056)

Magento Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2021-21014)

WordPress Plugin Paid Memberships Pro-Restrict Member Access to Content, Courses, Communities-Free or Paid Subscriptions Cross-Site Request Forgery (2.4.2)

WordPress Plugin YITH WooCommerce Gift Cards Premium Unspecified Vulnerability (3.20.0)

PHP Resource Management Errors Vulnerability (CVE-2007-4660)

Severity

Medium

Classification

CVE-2009-3628 CWE-200

Tags

Missing Update Known Vulnerabilities