CVE-2024-22188
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
TYPO3 before 13.0.1 allows an authenticated admin user (with system maintainer privileges) to execute arbitrary shell commands (with the privileges of the web server) via a command injection vulnerability in form fields of the Install Tool. The fixed versions are 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, and 13.0.1.
TYPO3 anterior a 13.0.1 permite a un usuario administrador autenticado (con privilegios de mantenimiento del sistema) ejecutar comandos de shell arbitrarios (con los privilegios del servidor web) a través de una vulnerabilidad de inyección de comandos en los campos de formulario de la herramienta de instalación. Las versiones fijas son 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS y 13.0.1.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2024-01-06 CVE Reserved
- 2024-03-05 CVE Published
- 2024-10-05 EPSS Updated
- 2024-10-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
https://github.com/TYPO3/typo3/security/advisories/GHSA-5w2h-59j3-8x5w | ||
https://typo3.org/help/security-advisories | ||
https://typo3.org/security/advisory/typo3-core-sa-2024-002 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
- | - | - | - | - |