Description

TYPO3 before 4.4.9 and 4.5.x before 4.5.4 does not apply proper access control on ExtDirect calls which allows remote attackers to retrieve ExtDirect endpoint services.

Remediation

References

CVE-2011-4904

Related Vulnerabilities

Ruby on Rails Other Vulnerability (CVE-2021-22904)

WordPress Plugin Slimstat Analytics Cross-Site Scripting (2.8.4)

WordPress Plugin PWAMP PHP Object Injection (1.0.0)

WordPress Plugin Insert or Embed Articulate Content into WordPress Directory Traversal (4.2999)

YOURLS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-3783)

Severity

Medium

Classification

CVE-2011-4904 CWE-20 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities