CVE-2010-1153: TYPO3 PHP remote file inclusion vulnerability

May 2, 2022 (updated October 31, 2025)

PHP remote file inclusion vulnerability in the autoloader in TYPO3 4.3.x before 4.3.3 allows remote attackers to execute arbitrary PHP code via a URL in an input field associated with the className variable.

References

github.com/TYPO3/typo3
github.com/advisories/GHSA-4h9j-f98m-p4hg
nvd.nist.gov/vuln/detail/CVE-2010-1153
web.archive.org/web/20100813082506/http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-008

Code Behaviors & Features

Detect and mitigate CVE-2010-1153 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →