CVE-2016-5091
HIGHTYPO3 < 6.2.24 - Remote Code Execution via Extbase Action
Title source: llmDescription
Extbase in TYPO3 4.3.0 before 6.2.24, 7.x before 7.6.8, and 8.1.1 allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted Extbase action.
References (3)
Core 3
Core References
Patch, Vendor Advisory x_refsource_confirm
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-013/
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/05/25/4
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/05/26/2
Scores
CVSS v3
8.1
EPSS
0.0237
EPSS Percentile
85.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-254
Status
published
Products (20)
typo3/cms-extbase
0 - 6.2.24Packagist
typo3/typo3
7.0.0
typo3/typo3
7.0.2
typo3/typo3
7.1.0
typo3/typo3
7.2.0
typo3/typo3
7.3.0
typo3/typo3
7.3.1
typo3/typo3
7.4.0
typo3/typo3
7.5.0
typo3/typo3
7.6.0
... and 10 more
Published
Jan 23, 2017
Tracked Since
Feb 18, 2026