Description

TYPO3 is an open source PHP based web content management system. In versions 9.0.0 through 9.5.27, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0, user credentials may been logged as plain-text. This occurs when explicitly using log level debug, which is not the default configuration. TYPO3 versions 9.5.28, 10.4.18, 11.3.1 contain a patch for this vulnerability.

Remediation

References

CVE-2021-32767

Related Vulnerabilities

WordPress Ultimate Member Plugin Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-1071)

XOOPS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-3296)

WordPress Plugin Image Hover Effects Ultimate (Image Gallery, Effects, Lightbox, Comparison or Magnifier) Cross-Site Scripting (9.7.1)

WordPress Plugin s2Member Pro 'Coupon Code' Field HTML Injection (111216)

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41164)

Severity

Medium

Classification

CVE-2021-32767 CWE-532 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities