Extbase in TYPO3 4.3.0 before 6.2.24, 7.x before 7.6.8, and 8.1.1 allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted Extbase action.
2017-01-23T21:59:01.610
2025-04-20T01:37:25.860
Deferred
CVSSv3.0: 8.1 (HIGH)
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.6
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | typo3 | typo3 | ≤ 6.2.23 | Yes |
| Application | typo3 | typo3 | 7.0.0 | Yes |
| Application | typo3 | typo3 | 7.0.2 | Yes |
| Application | typo3 | typo3 | 7.1.0 | Yes |
| Application | typo3 | typo3 | 7.2.0 | Yes |
| Application | typo3 | typo3 | 7.3.0 | Yes |
| Application | typo3 | typo3 | 7.3.1 | Yes |
| Application | typo3 | typo3 | 7.4.0 | Yes |
| Application | typo3 | typo3 | 7.5.0 | Yes |
| Application | typo3 | typo3 | 7.6.0 | Yes |
| Application | typo3 | typo3 | 7.6.1 | Yes |
| Application | typo3 | typo3 | 7.6.2 | Yes |
| Application | typo3 | typo3 | 7.6.3 | Yes |
| Application | typo3 | typo3 | 7.6.4 | Yes |
| Application | typo3 | typo3 | 7.6.5 | Yes |
| Application | typo3 | typo3 | 7.6.6 | Yes |
| Application | typo3 | typo3 | 7.6.7 | Yes |
| Application | typo3 | typo3 | 7.6.8 | Yes |
| Application | typo3 | typo3 | 8.1.1 | Yes |