TYPO3 is an open source PHP based web content management system. Versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are subject to Sensitive Information Disclosure. Due to the lack of handling user-submitted YAML placeholder expressions in the site configuration backend module, attackers could expose sensitive internal information, such as system configuration or HTTP request messages of other website visitors. A valid backend user account having administrator privileges is needed to exploit this vulnerability. This issue has been patched in versions 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2022-12-14T07:58:05.232Z
Updated: 2024-08-03T03:43:46.501Z
Reserved: 2022-01-19T21:23:53.772Z
Link: CVE-2022-23504
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-12-14T08:15:10.830
Modified: 2022-12-16T17:53:08.737
Link: CVE-2022-23504
Redhat
No data.