icon

We found results for “

CVE-2023-50461

Date: August 19, 2025

The “Configuration” backend module of the extension allows an authenticated user to write arbitrary page TSConfig for folders configured as “Direct Mail”. Exploiting the vulnerability may lead to Configuration Injection (TYPO3 10.4 and above) and to Arbitrary Code Execution (TYPO3 9.5 and below).\n\nA valid backend user account having access to the Direct Mail \"Configuration\" backend module is needed in order to exploit this vulnerability.

Language: PHP

Severity Score

Severity Score

Weakness Type (CWE)

External Control of System or Configuration Setting

CWE-15

Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

CWE-95

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

Do you need more information?

Contact Us