Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2022-31046

Good to know:

icon

Date: June 14, 2022

TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the export functionality fails to limit the result set to allowed columns of a particular database table. This way, authenticated users can export internal details of database tables they already have access to. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 fix the problem described above. In order to address this issue, access to mentioned export functionality is completely denied for regular backend users.

Language: PHP

Severity Score

Related Resources (5)

https://typo3.org/security/advisory/typo3-core-sa-2022-001
https://github.com/TYPO3/typo3/commit/7447a3d1283017d2ee08737a7972c720001a93e9
https://github.com/TYPO3/typo3/security/advisories/GHSA-8gmv-9hwg-w89g
https://nvd.nist.gov/vuln/detail/CVE-2022-31046
https://www.mend.io/vulnerability-database/CVE-2022-31046

Severity Score

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

Cleartext Transmission of Sensitive Information

CWE-319

Top Fix

icon

Upgrade Version

Upgrade to version v10.4.29,v11.5.11

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): NONE
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): SINGLE
Confidentiality (C): PARTIAL
Integrity (I): NONE
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us