VYPR
Low severity3.7NVD Advisory· Published Jul 25, 2023· Updated Jun 17, 2026

CVE-2023-38499

CVE-2023-38499

Description

TYPO3 is an open source PHP based web content management system. Starting in version 9.4.0 and prior to versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, and 12.4.4, in multi-site scenarios, enumerating the HTTP query parameters id and L allowed out-of-scope access to rendered content in the website frontend. For instance, this allowed visitors to access content of an internal site by adding handcrafted query parameters to the URL of a site that was publicly available. TYPO3 versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, 12.4.4 fix the problem.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
typo3/cms-corePackagist
>= 9.4.0, < 9.5.429.5.42
typo3/cms-corePackagist
>= 10.0.0, < 10.4.3910.4.39
typo3/cms-corePackagist
>= 11.0.0, < 11.5.3011.5.30
typo3/cms-corePackagist
>= 12.0.0, < 12.4.412.4.4

Affected products

3

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.