Detections
Analytics
TYPO3 8.0.0 < 8.7.57 ELTS / 9.0.0 < 9.5.46 ELTS / 10.0.0 < 10.4.43 ELTS / 11.0.0 < 11.5.35 / 12.0.0 < 12.4.11 / 13.0.1 (TYPO3-CORE-SA-2024-001)
medium Nessus Plugin ID 190466
Language:
Synopsis
The remote webserver is affected by a vulnerabilityDescription
The version of TYPO3 installed on the remote host is prior to 8.0.0 < 8.7.57 ELTS / 9.0.0 < 9.5.46 ELTS / 10.0.0 < 10.4.43 ELTS / 11.0.0 < 11.5.35 / 12.0.0 < 12.4.11 / 13.0.1. It is, therefore, affected by a vulnerability as referenced in the TYPO3-CORE-SA-2024-001 advisory.- In TYPO3 11.5.24, the filelist component allows attackers (who have access to the administrator panel) to read arbitrary files via directory traversal in the baseuri field, as demonstrated by POST /typo3/record/edit with ../../../ in data[sys_file_storage]*[data][sDEF][lDEF][basePath][vDEF].
(CVE-2023-30451)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to TYPO3 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35, 12.4.11, 13.0.1 or later.See Also
Plugin Details
Severity: Medium
ID: 190466
File Name: typo3_core-sa-2024-001.nasl
Version: 1.1
Type: remote
Family: CGI abuses
Published: 2/13/2024
Updated: 6/5/2024
Configuration: Enable thorough checks
Supported Sensors: Nessus
Enable CGI Scanning: true
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: Medium
Base Score: 6.1
Temporal Score: 4.8
Vector: CVSS2#AV:N/AC:L/Au:M/C:C/I:N/A:N
CVSS Score Source: CVE-2023-30451
CVSS v3
Risk Factor: Medium
Base Score: 4.9
Temporal Score: 4.4
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:typo3:typo3
Required KB Items: www/PHP, installed_sw/TYPO3
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 2/13/2024
Vulnerability Publication Date: 12/25/2023
Reference Information
CVE: CVE-2023-30451