CVE-2024-22188

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-22188
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-22188.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-22188
Aliases
Published
2024-03-05T02:15:27Z
Modified
2024-10-08T04:02:00.908284Z
Summary
[none]
Details

TYPO3 before 13.0.1 allows an authenticated admin user (with system maintainer privileges) to execute arbitrary shell commands (with the privileges of the web server) via a command injection vulnerability in form fields of the Install Tool. The fixed versions are 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, and 13.0.1.

References

Affected packages

Git / github.com/typo3/typo3

Affected ranges

Type
GIT
Repo
https://github.com/typo3/typo3
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

6.*

6.2.0
6.2.1
6.2.2
6.2.3

7.*

7.0.0
7.1.0
7.2.0
7.3.0
7.4.0
7.5.0
7.6.0
7.6.1
7.6.2

8.*

8.0.0
8.1.0
8.2.0
8.3.0
8.4.0
8.5.0
8.6.0
8.7.0

Other

TYPO3_6-1-0rc1
TYPO3_6-2-0
TYPO3_6-2-0alpha1
TYPO3_6-2-0alpha2
TYPO3_6-2-0alpha3
TYPO3_6-2-0beta1
TYPO3_6-2-0beta2
TYPO3_6-2-0beta3
TYPO3_6-2-0beta4
TYPO3_6-2-0beta5
TYPO3_6-2-0beta6
TYPO3_6-2-0beta7
TYPO3_6-2-0rc1
TYPO3_6-2-0rc2
TYPO3_6-2-1
TYPO3_6-2-2
TYPO3_6-2-3
TYPO3_7-0-0
TYPO3_7-1-0
TYPO3_7-2-0
TYPO3_7-3-0
TYPO3_7-4-0
TYPO3_7-5-0
TYPO3_7-6-0
TYPO3_7-6-1
TYPO3_7-6-2
TYPO3_8-0-0
TYPO3_8-1-0
TYPO3_8-2-0
TYPO3_8-3-0
TYPO3_8-4-0
TYPO3_8-5-0
TYPO3_8-6-0
TYPO3_8-7-0

v10.*

v10.0.0
v10.1.0
v10.2.0
v10.3.0
v10.4.0
v10.4.1
v10.4.2
v10.4.3

v11.*

v11.0.0
v11.1.0
v11.2.0
v11.3.0
v11.4.0
v11.5.0
v11.5.1
v11.5.2
v11.5.3

v12.*

v12.0.0
v12.1.0
v12.2.0
v12.3.0
v12.4.0

v13.*

v13.0.0

v9.*

v9.0.0
v9.1.0
v9.2.0
v9.3.0
v9.4.0
v9.5.0
v9.5.1
v9.5.2
v9.5.3