漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Cleartext storage of session identifier
Vulnerability Description
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 user session identifiers were stored in cleartext - without processing with additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system. Update to TYPO3 versions 9.5.23 or 10.4.10 that fix the problem described.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
敏感数据的明文存储
Vulnerability Title
TYPO3 加密问题漏洞
Vulnerability Description
TYPO3是瑞士TYPO3(Typo3)协会的一套免费开源的内容管理系统(框架)(CMS/CMF)。 Typo3 存在加密问题漏洞,该漏洞源于将用户会话标识符以明文存储。该漏洞可以与其他问题结合利用,以检索会话标识符并获得对应用程序的未经授权的访问。攻击者可利用该漏洞攻击者访问敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A