CVE-2010-3664
Description
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Information Disclosure on the backend.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
TYPO3 backend before 4.1.14, 4.2.13, 4.3.4, and 4.4.1 allows information disclosure due to improper input handling.
Vulnerability Description
CVE-2010-3664 is an information disclosure vulnerability in the TYPO3 backend. Versions prior to 4.1.14, 4.2.13, 4.3.4, and 4.4.1 fail to properly sanitize user input, leading to the exposure of sensitive information [1][2]. This issue is part of a larger set of vulnerabilities addressed in the TYPO3 Security Advisory TYPO3-SA-2010-012 [1].
Exploitation
Exploitation requires a valid backend login, as the vulnerability exists within the authenticated backend interface [1]. The attack complexity is considered low, as the disclosure can be triggered through crafted requests that exploit unsanitized input fields [1]. No special network position is required beyond HTTP access to the backend.
Impact
An authenticated attacker can leverage this flaw to retrieve sensitive data that would otherwise be restricted [2]. While the exact disclosed information is not specified in the advisory, the vulnerability is classified as 'Information Disclosure' and could expose internal configuration details or user data [1][2]. The CVSS v2.0 score, though not officially assigned, suggests a partial impact on confidentiality [1].
Mitigation
The vulnerability is fixed in TYPO3 versions 4.1.14, 4.2.13, 4.3.4, and 4.4.1 [1]. Users of affected versions should upgrade immediately. The Debian security tracker also references this CVE and confirms the fix via DSA-2098-1 [4]. No workarounds are documented, and the vendor considers the risk high, recommending patching as the only solution [1].
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| typo3/cms-backend (Packagist) | < 4.1.14 | 4.1.14 |
| typo3/cms-backend (Packagist) | >= 4.2.0, < 4.2.13 | 4.2.13 |
| typo3/cms-backend (Packagist) | >= 4.3.0, < 4.3.4 | 4.3.4 |
| typo3/cms-backend (Packagist) | >= 4.4.0, < 4.4.1 | 4.4.1 |
Affected products
- TYPO3/TYPO3
Patches
No patches discovered yet.
References
- github.com/advisories/GHSA-8xp9-99h5-4vcg (advisory)
- nvd.nist.gov/vuln/detail/CVE-2010-3664 (advisory)
- bugs.debian.org/cgi-bin/bugreport.cgi (web)
- security-tracker.debian.org/tracker/CVE-2010-3664 (web)
- typo3.org/security/advisory/typo3-sa-2010-012/ (web, vendor confirmation)