VYPR
High severityNVD Advisory· Published Mar 5, 2024· Updated Oct 7, 2024

CVE-2024-22188

CVE-2024-22188

Description

TYPO3 before 13.0.1 allows an authenticated admin user (with system maintainer privileges) to execute arbitrary shell commands (with the privileges of the web server) via a command injection vulnerability in form fields of the Install Tool. The fixed versions are 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, and 13.0.1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
typo3/cms-corePackagist
>= 8.0.0, < 8.7.578.7.57
typo3/cms-corePackagist
>= 9.0.0, < 9.5.469.5.46
typo3/cms-corePackagist
>= 10.0.0, < 10.4.4310.4.43
typo3/cms-corePackagist
>= 11.0.0, < 11.5.3511.5.35
typo3/cms-corePackagist
>= 12.0.0, < 12.4.1112.4.11
typo3/cms-corePackagist
>= 13.0.0, < 13.0.113.0.1

Affected products

1

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.