CVE-2014-8328
MEDIUMDynamic Content Elements < 0.11.5 - Exposure of Sensitive Installation Environment Information via Update Check Request
Title source: llmDescription
The default configuration in the Dynamic Content Elements (dce) extension before 0.11.5 for TYPO3 allows remote attackers to obtain sensitive installation environment information by reading the update check request.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_misc
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-015/
Vendor Advisory x_refsource_misc
http://typo3.org/extensions/repository/view/dce
VDB Entry x_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/97673
Scores
CVSS v3
5.3
EPSS
0.0158
EPSS Percentile
72.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (2)
dynamic_content_elements_project/dynamic_content_elements
0.7.0 - 0.7.5
t3/dce
0 - 0.11.5Packagist
Published
Feb 03, 2020
Tracked Since
Feb 18, 2026