// For flags

CVE-2022-23503

TYPO3 vulnerable to Arbitrary Code Execution via Form Framework

Severity Score

8.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

TYPO3 is an open source PHP based web content management system. Versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are vulnerable to Code Injection. Due to the lack of separating user-submitted data from the internal configuration in the Form Designer backend module, it is possible to inject code instructions to be processed and executed via TypoScript as PHP code. The existence of individual TypoScript instructions for a particular form item and a valid backend user account with access to the form module are needed to exploit this vulnerability. This issue is patched in versions 8.7.49 ELTS, 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1.

TYPO3 es un sistema de gestión de contenidos web basado en PHP de código abierto. Las versiones anteriores a 8.7.49, 9.5.38, 10.4.33, 11.5.20 y 12.1.1 son vulnerables a la inyección de código. Debido a la falta de separación de los datos enviados por el usuario de la configuración interna en el módulo backend de Form Designer, es posible inyectar instrucciones de código para procesarlas y ejecutarlas a través de TypoScript como código PHP. Para aprovechar esta vulnerabilidad se necesita la existencia de instrucciones TypoScript individuales para un elemento de formulario en particular y una cuenta de usuario backend válida con acceso al módulo de formulario. Este problema se solucionó en las versiones 8.7.49 ELTS, 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-01-19 CVE Reserved
  • 2022-12-14 CVE Published
  • 2024-07-06 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (1)
URL Tag Source
https://github.com/TYPO3/typo3/security/advisories/GHSA-c5wx-6c2c-f7rm Third Party Advisory
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Typo3
Search vendor "Typo3"
 Typo3
Search vendor "Typo3" for product "Typo3"
 >= 8.0.0 < 8.7.49
Search vendor "Typo3" for product "Typo3" and version " >= 8.0.0 < 8.7.49"
-
Affected
Typo3
Search vendor "Typo3"
 Typo3
Search vendor "Typo3" for product "Typo3"
 >= 9.0.0 < 9.5.38
Search vendor "Typo3" for product "Typo3" and version " >= 9.0.0 < 9.5.38"
-
Affected
Typo3
Search vendor "Typo3"
 Typo3
Search vendor "Typo3" for product "Typo3"
 >= 10.0.0 < 10.4.33
Search vendor "Typo3" for product "Typo3" and version " >= 10.0.0 < 10.4.33"
-
Affected
Typo3
Search vendor "Typo3"
 Typo3
Search vendor "Typo3" for product "Typo3"
 >= 11.0.0 < 11.5.20
Search vendor "Typo3" for product "Typo3" and version " >= 11.0.0 < 11.5.20"
-
Affected
Typo3
Search vendor "Typo3"
 Typo3
Search vendor "Typo3" for product "Typo3"
 >= 12.0.0 < 12.1.1
Search vendor "Typo3" for product "Typo3" and version " >= 12.0.0 < 12.1.1"
-
Affected