cve/CVE-2023-38499.md at dd6a10065df501f0a524d47b55e162f16811ba93

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00

0xMarcio 4edef1e4c8 Update CVE sources 2024-05-28 08:49

2024-05-28 08:49:17 +00:00

Description

TYPO3 is an open source PHP based web content management system. Starting in version 9.4.0 and prior to versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, and 12.4.4, in multi-site scenarios, enumerating the HTTP query parameters id and L allowed out-of-scope access to rendered content in the website frontend. For instance, this allowed visitors to access content of an internal site by adding handcrafted query parameters to the URL of a site that was publicly available. TYPO3 versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, 12.4.4 fix the problem.

POC

Reference

No PoCs from references.

Github

https://github.com/miguelc49/CVE-2023-38499-1
https://github.com/miguelc49/CVE-2023-38499-2
https://github.com/miguelc49/CVE-2023-38499-3
https://github.com/nomi-sec/PoC-in-GitHub

1.2 KiB Raw Blame History

CVE-2023-38499

Description

POC

Reference

Github

1.2 KiB

Raw Blame History