Home > Vulnerability Database > CVE-2023-38499

Mend.io Vulnerability Database

CVE-2023-38499

Date: July 25, 2023

TYPO3 is an open source PHP based web content management system. Starting in version 9.4.0 and prior to versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, and 12.4.4, in multi-site scenarios, enumerating the HTTP query parameters "id" and "L" allowed out-of-scope access to rendered content in the website frontend. For instance, this allowed visitors to access content of an internal site by adding handcrafted query parameters to the URL of a site that was publicly available. TYPO3 versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, 12.4.4 fix the problem.

Language: PHP

Severity Score

3.7

Related Resources (6)

Url: https://github.com/TYPO3/typo3/security/advisories/GHSA-jq6g-4v5m-wm9r

Url: https://typo3.org/security/advisory/typo3-core-sa-2023-003

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-38499

Url: https://github.com/TYPO3/typo3/commit/702e2debd4b28f9cdb540544565fe6a8627ccb6a

Url: https://github.com/TYPO3/typo3

Url: https://www.mend.io/vulnerability-database/CVE-2023-38499

Severity Score

3.7

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

Insufficient Information

NVD-CWE-noinfo

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-38499

Date: July 25, 2023

Language: PHP

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?