CVE-2005-4875
TYPO3 < 3.8.0 - Unauthenticated Sensitive Information Exposure via phpinfo Endpoint
Title source: llmDescription
TYPO3 3.8.0 and earlier allows remote attackers to obtain sensitive information via a direct request to misc/phpcheck/, which invokes the phpinfo function and prints values of unspecified environment variables.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42457
Various Sources x_refsource_misc
http://bugs.typo3.org/view.php?id=1250
Various Sources x_refsource_confirm
http://typo3.org/teams/security/security-bulletins/typo3-20050725-1/
Scores
EPSS
0.0016
EPSS Percentile
36.5%
Details
CWE
CWE-200
Status
published
Products (4)
typo3/cms
0 - 3.8.1Packagist
typo3/typo3
1.1
typo3/typo3
3.7.0
typo3/typo3
< 3.8.0
Published
Dec 31, 2005
Tracked Since
Feb 18, 2026