CVE-2020-15515
Description
The TYPO3 extension Turn! through 0.3.2 fails to sanitize user input, allowing Remote Code Execution when an attacker has FTP/SFTP access.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Description
The Turn! extension (turn) for TYPO3, in versions 0.3.2 and below, contains a remote code execution vulnerability. The root cause is a failure to properly sanitize user input, enabling an attacker to inject arbitrary commands [3]. This issue has been assigned CVE-2020-15515.
Exploitation
Prerequisites
Exploitation requires that the attacker already has FTP/SFTP access to the TYPO3 website [3]. This condition limits the attack surface to situations where an adversary has obtained legitimate or compromised credentials for file transfer, or where such access is otherwise available.
Impact
Successful exploitation allows the attacker to execute arbitrary code on the server. This can lead to full compromise of the confidentiality, integrity, and availability of the affected system, potentially including data theft, site defacement, or further lateral movement [2][3].
Mitigation
The vulnerability has been fixed in version 0.3.3 of the extension. Users are strongly advised to update as soon as possible via the TYPO3 extension manager, Packagist, or the official download link [3]. No workarounds have been provided.
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| marcwillmann/turn (Packagist) | < 0.3.3 | 0.3.3 |
Affected products
- TYPO3/turn extension
Patches
No patches discovered yet.
References
- github.com/advisories/GHSA-q7j5-9j77-g4gq (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2020-15515 (ghsa, ADVISORY)
- typo3.org/help/security-advisories (ghsa, x_refsource_MISC, WEB)
- typo3.org/security/advisory/typo3-ext-sa-2020-011 (ghsa, x_refsource_CONFIRM, WEB)