CVE-2010-3714

TYPO3 4.2.0-4.2.14, 4.3.0-4.3.6, 4.4.0-4.4.3 - Unauthenticated Arbitrary File Read via jumpUrl Hash Comparison

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2010-3714. PoCs published by ikki, Chris John Riley, Gregor Kopf, including Metasploit module auxiliary/admin/http/typo3_sa_2010_020.

AI-analyzed exploit summary This exploit leverages a non-typesafe comparison flaw (CVE-2010-3714) and a fileDenyPattern bypass in TYPO3 to retrieve arbitrary files without authentication. It first discloses the encryption key and then allows file retrieval via crafted requests.

Description

The jumpUrl (aka access tracking) implementation in tslib/class.tslib_fe.php in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly compare certain hash values during access-control decisions, which allows remote attackers to read arbitrary files via unspecified vectors.

Exploits (2)

exploitdb WORKING POC
by ikki · phpwebappsphp
https://www.exploit-db.com/exploits/15856

This exploit leverages a non-typesafe comparison flaw (CVE-2010-3714) and a fileDenyPattern bypass in TYPO3 to retrieve arbitrary files without authentication. It first discloses the encryption key and then allows file retrieval via crafted requests.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: TYPO3 versions 4.2.15, 4.3.7, or 4.4.4
No auth needed
Prerequisites: Vulnerable TYPO3 installation · Network access to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC
by Chris John Riley, Gregor Kopf · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/typo3_sa_2010_020.rb

This Metasploit module exploits a flaw in TYPO3's jumpurl feature to perform remote file disclosure by brute-forcing a hash collision (juHash=0). It allows reading arbitrary files accessible to the web server user.

Classification
Working Poc 100%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: TYPO3 (versions affected by CVE-2010-3714)
No auth needed
Prerequisites: Network access to the TYPO3 instance · Knowledge of the target file path
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/43786
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/15856
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2010/dsa-2121

Scores

EPSS 0.3365
EPSS Percentile 97.1%

Details

CWE
CWE-264
Status published
Products (27)
typo3/cms 4.2.0 - 4.2.15Packagist
typo3/typo3 4.2.0
typo3/typo3 4.2.1
typo3/typo3 4.2.2
typo3/typo3 4.2.3
typo3/typo3 4.2.4
typo3/typo3 4.2.5
typo3/typo3 4.2.6
typo3/typo3 4.2.7
typo3/typo3 4.2.8
... and 17 more
Published Oct 25, 2010
Tracked Since Feb 18, 2026