CVE-2023-38499

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Jul 25, 2023

Updated: Aug 2, 2023

CWE ID 200

Summary

CVE-2023-38499 is a vulnerability affecting TYPO3, an open source PHP content management system. In multi-site scenarios using versions 9.4.0 and prior to 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, and 12.4.4, query parameters 'id' and 'L' allowed unauthorized access to rendered content in the website frontend. This issue enabled visitors to view internal site content by crafting specific query parameters and accessing publicly available sites. Versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, and 12.4.4 have been released as fixes for this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

TYPO3

Affected Vendors

TYPO3

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sCStkp
https://www.cve.org/CVERecord?id=CVE-2023-38499
https://nvd.nist.gov/vuln/detail/CVE-2023-38499

Back to Vulnerability Database