CVE-2010-3714

TYPO3 Remote File Disclosure vulnerability in the jumpUrl mechanism in packagist/typo3/cms

Identifiers

GHSA-w736-qv86-vq94, CVE-2010-3714

Package Slug

packagist/typo3/cms

Vulnerability

TYPO3 Remote File Disclosure vulnerability in the jumpUrl mechanism

Description

The jumpUrl (aka access tracking) implementation in tslib/class.tslib_fe.php in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly compare certain hash values during access-control decisions, which allows remote attackers to read arbitrary files via unspecified vectors.

Affected Versions

All versions starting from 4.2.0 before 4.2.15, all versions starting from 4.3.0 before 4.3.7, all versions starting from 4.4.0 before 4.4.4

Solution

Upgrade to versions 4.2.15, 4.3.7, 4.4.4 or above.

Last Modified

2024-02-09
