← voltar
CVE-2024-22188

CVE-2024-22188

CVSS 7.2 HIGHEPSS 2.0%CWE-94
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 7.2EPSS 2.0%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
05 mar 2024Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
TYPO3 before 13.0.1 allows an authenticated admin user (with system maintainer privileges) to execute arbitrary shell commands (with the privileges of the web server) via a command injection vulnerability in form fields of the Install Tool. The fixed versions are 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, and 13.0.1.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/TYPO3/typo3/security/advisories/GHSA-5w2h-59j3-8x5whttps://typo3.org/help/security-advisorieshttps://typo3.org/security/advisory/typo3-core-sa-2024-002