漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Information Disclosure of Hashed Passwords in TYPO3 Backend Forms
Vulnerability Description
TYPO3 is an open source PHP based web content management system released under the GNU GPL. Password hashes were being reflected in the editing forms of the TYPO3 backend user interface. This allowed attackers to crack the plaintext password using brute force techniques. Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
信息暴露
Vulnerability Title
TYPO3 信息泄露漏洞
Vulnerability Description
TYPO3是瑞士TYPO3协会的一套免费开源的内容管理系统(框架)(CMS/CMF)。 TYPO3 8.0.0-8.7.56、9.0.0-9.5.45、10.0.0-10.4.42、11.0.0-11.5.34、12.0.0-12.4.10、13.0.0版本存在信息泄露漏洞,该漏洞源于后端表单中哈希密码的信息泄露,攻击者利用该漏洞可以暴力破解明文密码。
CVSS Information
N/A
Vulnerability Type
N/A