CVE-2009-0815

TYPO3 <4.0.12-4.3alpha1 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2009-0815. PoCs published by Lolek, including Metasploit module auxiliary/admin/http/typo3_sa_2009_002.

AI-analyzed exploit summary This exploit targets CVE-2009-0815 in TYPO3, leveraging a vulnerability in the jumpurl feature to bypass security checks and disclose the contents of arbitrary files, such as localconf.php. It first retrieves a juHash value and then uses it to fetch the file content.

Description

The jumpUrl mechanism in class.tslib_fe.php in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 leaks a hash secret (juHash) in an error message, which allows remote attackers to read arbitrary files by including the hash in a request.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Lolek · pythonwebappsphp
https://www.exploit-db.com/exploits/8038

This exploit targets CVE-2009-0815 in TYPO3, leveraging a vulnerability in the jumpurl feature to bypass security checks and disclose the contents of arbitrary files, such as localconf.php. It first retrieves a juHash value and then uses it to fetch the file content.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: TYPO3 < 4.2.6, TYPO3 < 4.1.10, TYPO3 < 4.0.12
No auth needed
Prerequisites: Target must be running a vulnerable version of TYPO3 · Network access to the TYPO3 installation
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC
rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/typo3_sa_2009_002.rb

This Metasploit module exploits a file disclosure vulnerability in TYPO3's jumpUrl mechanism (CVE-2009-0815) by bypassing the juHash security check to read arbitrary files accessible to the web server user.

Classification
Working Poc 100%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: TYPO3 (versions affected by SA-2009-002)
No auth needed
Prerequisites: Access to the TYPO3 instance · Knowledge of the target file path
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2009/02/10/6
Patch vendor-advisory x_refsource_debian
http://www.debian.org/security/2009/dsa-1720
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1021710

Scores

EPSS 0.5277
EPSS Percentile 98.0%

Details

CWE
CWE-200
Status published
Products (25)
typo3/cms 3.3 - 4.0.12Packagist
typo3/typo3 3.3.x
typo3/typo3 3.5.x
typo3/typo3 3.6.x
typo3/typo3 3.7.x
typo3/typo3 3.8.x
typo3/typo3 4.0
typo3/typo3 4.1
typo3/typo3 4.1.0
typo3/typo3 4.1.2
... and 15 more
Published Mar 05, 2009
Tracked Since Feb 18, 2026