Vulnerability DatabaseCVE-2024-22188
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2024-22188
March 05, 2024
TYPO3 before 13.0.1 allows an authenticated admin user (with system maintainer privileges) to execute arbitrary shell commands (with the privileges of the web server) via a command injection vulnerability in form fields of the Install Tool. The fixed versions are 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, and 13.0.1.
Related ResourcesĀ (9)
https://github.com/TYPO3/typo3
https://nvd.nist.gov/vuln/detail/CVE-2024-22188
https://typo3.org/help/security-advisories
https://typo3.org/security/advisory/typo3-core-sa-2024-002
https://github.com/TYPO3/typo3/commit/47e897f8c7668ef299ecc9ce93f52cafbb3497ed
https://github.com/TYPO3/typo3/commit/84e07e35b880a544b517868432c56987d05d46d4
https://typo3.org/security/advisory/typo3-psa-2020-002
https://github.com/TYPO3/typo3/security/advisories/GHSA-5w2h-59j3-8x5w
https://github.com/TYPO3/typo3/commit/6cc11761b8e2434fa4ccc9f096c65ca82569cfdf
Do you need more information?
Contact Us
CVSS v4
Base Score:
8.6
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
HIGH
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Weakness Type (CWE)
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-77
Improper Control of Generation of Code ('Code Injection')
CWE-94
EPSS
Base Score:
0.69