TYPO3 is an open source PHP based web content management system. Starting in version 9.4.0 and prior to versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, and 12.4.4, in multi-site scenarios, enumerating the HTTP query parameters `id` and `L` allowed out-of-scope access to rendered content in the website frontend. For instance, this allowed visitors to access content of an internal site by adding handcrafted query parameters to the URL of a site that was publicly available. TYPO3 versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, 12.4.4 fix the problem.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-07-25T20:54:41.648Z
Updated: 2024-08-02T17:46:55.097Z
Reserved: 2023-07-18T16:28:12.076Z
Link: CVE-2023-38499
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-07-25T21:15:10.997
Modified: 2023-08-02T19:11:12.320
Link: CVE-2023-38499
Redhat
No data.