Home > Vulnerability Database > WS-2018-0051

Mend.io Vulnerability Database

WS-2018-0051

Good to know:

Date: July 19, 2016

Information Disclosure in TYPO3 6.2.0 before 6.2.26, 7.6.0 before 7.6.10 and 8.0.0 before 8.2.1. The TYPO3 backend module stores the username of an authenticated backend user in its cache files. By guessing the file path to the cache files it is possible to receive valid backend usernames.

Language: PHP

Severity Score

5.0

Related Resources (3)

Url: https://github.com/TYPO3/TYPO3.CMS/commit/fcd52bc5bb84fbbb6b75f99f7c2fe1850ada36da

Url: https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-017/

Url: https://www.mend.io/vulnerability-database/WS-2018-0051

Severity Score

5.0

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

Top Fix

Upgrade Version

Upgrade to version typo3/cms - TYPO3_7-6-10;typo3/cms - TYPO3_6-2-26;typo3/cms - 6.2.16;typo3/cms - 6.2.2;typo3/cms - 6.2.13;typo3/cms - dev-TYPO3_6-2;typo3/cms - 6.2.19;typo3/cms - 6.2.24;typo3/cms - 6.2.8;typo3/cms - dev-TYPO3_8-2;typo3/cms - dev-TYPO3_7-6;typo3/cms - 6.2.10-rc1;typo3/cms - 8.2.1;instituteweb/typo3-cms - 8.2.1;instituteweb/typo3-cms - 6.2.26;instituteweb/typo3-cms - 7.6.10

Learn More

CVSS v3.1

Base Score:	5.0
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

WS-2018-0051

Good to know:

Date: July 19, 2016

Language: PHP

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?