Low severity3.7NVD Advisory· Published Nov 14, 2023· Updated Jun 17, 2026
CVE-2023-47126
CVE-2023-47126
Description
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions the login screen of the standalone install tool discloses the full path of the transient data directory (e.g. /var/www/html/var/transient/). This applies to composer-based scenarios only - “classic” non-composer installations are not affected. This issue has been addressed in version 12.4.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
typo3/cms-installPackagist | >= 12.2.0, < 12.4.8 | 12.4.8 |
Affected products
3- osv-coords2 versions
>= 12.2.0, < 12.4.8+ 1 more
- (no CPE)range: >= 12.2.0, < 12.4.8
- (no CPE)range: >= 12.2.0, < 12.4.8
Patches
Vulnerability mechanics
References
5- github.com/TYPO3/typo3/commit/1a735dac01ec7b337ed0d80c738caa8967dea423nvdPatchWEB
- github.com/TYPO3/typo3/security/advisories/GHSA-p2jh-95jg-2w55nvdVendor AdvisoryWEB
- github.com/advisories/GHSA-p2jh-95jg-2w55ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-47126ghsaADVISORY
- typo3.org/security/advisory/typo3-core-sa-2023-005nvdVendor AdvisoryWEB
News mentions
0No linked articles in our index yet.