WEB APPLICATION VULNERABILITIES Standard & Premium

TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-3714)

Description

The jumpUrl (aka access tracking) implementation in tslib/class.tslib_fe.php in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly compare certain hash values during access-control decisions, which allows remote attackers to read arbitrary files via unspecified vectors.

Remediation

References

Related Vulnerabilities

PostgreSQL Cryptographic Issues Vulnerability (CVE-2009-4034)

MyBB Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-2327)

Magento Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2015-1397)

SharePoint CVE-2023-33130 Vulnerability (CVE-2023-33130)

WordPress Plugin Network Publisher 'networkpub_key' Parameter Cross-Site Scripting (5.0.1)

Severity

High

Classification

CVE-2010-3714 CWE-264

Tags

Missing Update Known Vulnerabilities