GHSA-74w6-ww7w-45j9

Suggest an improvement
Source
https://github.com/advisories/GHSA-74w6-ww7w-45j9
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-74w6-ww7w-45j9/GHSA-74w6-ww7w-45j9.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-74w6-ww7w-45j9
Aliases
  • CVE-2009-0258
Published
2022-05-02T03:13:52Z
Modified
2024-01-23T18:26:33.754576Z
Summary
Indexed Search Engine for TYPO3 Command Execution via Metacharacter Injection
Details

The Indexed Search Engine (indexed_search) system extension in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to execute arbitrary commands via a crafted filename containing shell metacharacters, which is not properly handled by the command-line indexer.

References

Affected packages

Packagist / typo3/cms

Package

Name
typo3/cms
Purl
pkg:composer/typo3/cms

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.0.0
Fixed
4.0.10

Database specific

{
    "last_known_affected_version_range": "<= 4.0.9"
}

Packagist / typo3/cms

Package

Name
typo3/cms
Purl
pkg:composer/typo3/cms

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.1.0
Fixed
4.1.8

Database specific

{
    "last_known_affected_version_range": "<= 4.1.7"
}

Packagist / typo3/cms

Package

Name
typo3/cms
Purl
pkg:composer/typo3/cms

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.2.0
Fixed
4.2.4

Database specific

{
    "last_known_affected_version_range": "<= 4.2.3"
}