漏洞标题
" typo3/cms-install 中的安装工具信息泄露"
漏洞描述信息
在typo3/cms-install中的安装工具信息披露
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
漏洞类别
对路径名的限制不恰当(路径遍历)
漏洞标题
Information Disclosure in Install Tool in typo3/cms-install
漏洞描述信息
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions the login screen of the standalone install tool discloses the full path of the transient data directory (e.g. /var/www/html/var/transient/). This applies to composer-based scenarios only - “classic” non-composer installations are not affected. This issue has been addressed in version 12.4.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS信息
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
漏洞类别
信息暴露
漏洞标题
TYPO3 安全漏洞
漏洞描述信息
TYPO3是瑞士TYPO3协会的一套免费开源的内容管理系统(框架)(CMS/CMF)。 TYPO3 12.4.8之前版本存在安全漏洞,该漏洞源于独立安装工具的登录屏幕会显示瞬态数据目录的完整路径。
CVSS信息
N/A
漏洞类别
其他