Torben Hansen

8 exploits Active since Jun 2022
CVE-2026-47350 WRITEUP MEDIUM WRITEUP
TYPO3 CMS - Broken Access Control in DataHandler
Backend users were able to move records to a different page without having edit permissions on the source page. This issue affects TYPO3 CMS versions 13.0.0-13.4.31 and 14.0.0-14.3.3.
CVE-2026-49742 WRITEUP HIGH WRITEUP
TYPO3 CMS - Broken Access Control in Media Module
Backend users with file download permissions were able to download files from the fallback storage of the file abstraction layer (FAL) via the Media Module. Since the fallback storage resolves paths relative to the server's document root, this could expose sensitive files such as log files. This issue affects TYPO3 CMS versions 11.0.0-11.5.50, 12.0.0-12.4.45, 13.0.0-13.4.30 and 14.0.0-14.3.2.
CVE-2026-47350 WRITEUP MEDIUM WRITEUP
TYPO3 CMS - Broken Access Control in DataHandler
Backend users were able to move records to a different page without having edit permissions on the source page. This issue affects TYPO3 CMS versions 13.0.0-13.4.31 and 14.0.0-14.3.3.
CVE-2026-49742 WRITEUP HIGH WRITEUP
TYPO3 CMS - Broken Access Control in Media Module
Backend users with file download permissions were able to download files from the fallback storage of the file abstraction layer (FAL) via the Media Module. Since the fallback storage resolves paths relative to the server's document root, this could expose sensitive files such as log files. This issue affects TYPO3 CMS versions 11.0.0-11.5.50, 12.0.0-12.4.45, 13.0.0-13.4.30 and 14.0.0-14.3.2.
CVE-2022-31046 WRITEUP MEDIUM WRITEUP
TYPO3 <7.6.57 ELTS, <8.7.47 ELTS, <9.5.34 ELTS, <10.4.29, <11.5.11 ...
TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the export functionality fails to limit the result set to allowed columns of a particular database table. This way, authenticated users can export internal details of database tables they already have access to. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 fix the problem described above. In order to address this issue, access to mentioned export functionality is completely denied for regular backend users.
CVSS 4.3
CVE-2022-31047 WRITEUP MEDIUM WRITEUP
TYPO3 <7.6.57 ELTS, <8.7.47 ELTS, <9.5.34 ELTS, <10.4.29, <11.5.11 ...
TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, system internal credentials or keys (e.g. database credentials) can be logged as plaintext in exception handlers, when logging the complete exception stack trace. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 contain a fix for the problem.
CVSS 5.3
CVE-2022-36106 WRITEUP MEDIUM WRITEUP
TYPO3 <10.4.31, <11.5.15 - Info Disclosure
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the expiration time of a password reset link for TYPO3 backend users has never been evaluated. As a result, a password reset link could be used to perform a password reset even if the default expiry time of two hours has been exceeded. Update to TYPO3 version 10.4.32 or 11.5.16 that fix the problem. There are no known workarounds for this issue.
CVSS 5.4
CVE-2024-24751 WRITEUP MEDIUM WRITEUP
sf_event_mgt 7.0.0-7.3.9 - Improper Access Control in Backend Module
sf_event_mgt is an event management and registration extension for the TYPO3 CMS based on ExtBase and Fluid. In affected versions the existing access control check for events in the backend module got broken during the update of the extension to TYPO3 12.4, because the `RedirectResponse` from the `$this->redirect()` function was never handled. This issue has been addressed in version 7.4.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS 4.3