TYPO3 < 3.5.0 Multiple Vulnerabilities

critical Nessus Plugin ID 11284

Synopsis

The remote host has a PHP script that is affected by multiple vulnerabilities.

Description

The remote host is running an old version of TYPO3.

An attacker can use it to read arbitrary files and execute arbitrary commands on this host.

Solution

Upgrade to TYPO3 3.5.0.

Plugin Details

Severity: Critical

ID: 11284

File Name: typo3_dev_read.nasl

Version: 1.27

Type: remote

Family: CGI abuses

Published: 2/28/2003

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: Score based on analysis of the vendor advisory.

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: manual

Vulnerability Information

CPE: cpe:/a:typo3:typo3

Required KB Items: www/PHP, installed_sw/TYPO3

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

BID: 6982, 6983, 6984, 6985, 6986, 6988, 6993