漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
TYPO3 contains Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration
Vulnerability Description
TYPO3 is an open source PHP based web content management system. Versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are subject to Sensitive Information Disclosure. Due to the lack of handling user-submitted YAML placeholder expressions in the site configuration backend module, attackers could expose sensitive internal information, such as system configuration or HTTP request messages of other website visitors. A valid backend user account having administrator privileges is needed to exploit this vulnerability. This issue has been patched in versions 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L
Vulnerability Type
信息暴露
Vulnerability Title
TYPO3 安全漏洞
Vulnerability Description
TYPO3是瑞士TYPO3协会的一套免费开源的内容管理系统(框架)(CMS/CMF)。 TYPO3 Core存在安全漏洞,攻击者利用该漏洞可以通过站点配置 YAML 占位符表达式绕过对 TYPO3 核心数据的访问限制,以读取敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A