CVE-2023-47126

Severity

53%

Complexity

39%

Confidentiality

23%

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions the login screen of the standalone install tool discloses the full path of the transient data directory (e.g. /var/www/html/var/transient/). This applies to composer-based scenarios only - “classic” non-composer installations are not affected. This issue has been addressed in version 12.4.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS 3.1 Base Score 5.3. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Overview

First reported 1 year ago

2023-11-14 20:15:00

Last updated 1 year ago

2023-11-21 03:01:00

Affected Software

TYPO3

References

https://github.com/TYPO3/typo3/security/advisories/GHSA-p2jh-95jg-2w55

https://github.com/TYPO3/typo3/commit/1a735dac01ec7b337ed0d80c738caa8967dea423

https://typo3.org/security/advisory/typo3-core-sa-2023-005

https://github.com/TYPO3/typo3/security/advisories/GHSA-p2jh-95jg-2w55

Vendor Advisory

https://github.com/TYPO3/typo3/commit/1a735dac01ec7b337ed0d80c738caa8967dea423

Patch

https://typo3.org/security/advisory/typo3-core-sa-2023-005

Vendor Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.