CVE-2014-8328

MEDIUM

Dynamic Content Elements < 0.11.5 - Exposure of Sensitive Installation Environment Information via Update Check Request

Title source: llm
STIX 2.1

Description

The default configuration in the Dynamic Content Elements (dce) extension before 0.11.5 for TYPO3 allows remote attackers to obtain sensitive installation environment information by reading the update check request.

References (3)

Core 3

Scores

CVSS v3 5.3
EPSS 0.0158
EPSS Percentile 72.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-200
Status published
Products (2)
dynamic_content_elements_project/dynamic_content_elements 0.7.0 - 0.7.5
t3/dce 0 - 0.11.5Packagist
Published Feb 03, 2020
Tracked Since Feb 18, 2026