
CVE-2010-3667: TYPO3 is vulnerable to Spam Abuse in the native form content element

CVSS Score (v3.1): 5.3

Basic Information

EPSS Score: 0.54274%
Published: 4/21/2022
Updated: 2/6/2024
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Package Name        Ecosystem  Vulnerable Versions   First Patched Version
typo3/cms-frontend  composer   < 4.1.14              4.1.14
typo3/cms-frontend  composer   >= 4.2.0, < 4.2.13    4.2.13
typo3/cms-frontend  composer   >= 4.3.0, < 4.3.4     4.3.4
typo3/cms-frontend  composer   >= 4.4.0, < 4.4.1     4.4.1

Vulnerability Intelligence

Root Cause Analysis

The vulnerability stemmed from insufficient validation of the 'auto_respond_msg' parameter in TYPO3's native form handling. t3lib_formmail::start() accepted whatever value arrived in that hidden field, and tslib_content::FORM() rendered the form without an HMAC field that would let the server detect tampering. Because the form's hidden fields were trusted exactly as submitted, an attacker could rewrite them in a crafted request and make the site send mail to addresses of their choosing. The patches add an HMAC over the field when the form is rendered and verify it in t3lib_formmail::start() before the value is used, so a modified or forged field is rejected; the commit diffs show the HMAC validation being added in both functions.
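The protection pattern described above, as an added example that is not TYPO3's own code: a server-generated hidden field is emitted together with a MAC computed under a server-side secret, and the submission handler only honours the field if the MAC verifies. The field name 'auto_respond_msg' comes from the analysis; the '_hmac' suffix, the FORM_SECRET constant, the function names and the sample submissions are assumptions made for this example.

```php
<?php
// Added example (not TYPO3 code): protecting a server-generated hidden
// form field with an HMAC so that a visitor cannot rewrite it.
// Only 'auto_respond_msg' is taken from the advisory; every other name
// here is hypothetical.
declare(strict_types=1);

// Server-side secret. TYPO3 derives such MACs from its own encryption key;
// a constant stands in for that here (assumption for the example).
const FORM_SECRET = 'replace-with-a-long-random-secret';

function hiddenFieldHmac(string $value): string
{
    return hash_hmac('sha256', $value, FORM_SECRET);
}

// Rendering side: emit the hidden field together with its MAC.
function renderHiddenFields(string $autoRespondMsg): string
{
    $enc = htmlspecialchars($autoRespondMsg, ENT_QUOTES, 'UTF-8');
    $mac = hiddenFieldHmac($autoRespondMsg);
    return "<input type=\"hidden\" name=\"auto_respond_msg\" value=\"{$enc}\">\n"
         . "<input type=\"hidden\" name=\"auto_respond_msg_hmac\" value=\"{$mac}\">\n";
}

// Vulnerable pattern: whatever arrives in the hidden field is trusted,
// so a crafted POST controls the text the site mails out.
function autoRespondMessageVulnerable(array $post): ?string
{
    return isset($post['auto_respond_msg']) ? (string)$post['auto_respond_msg'] : null;
}

// Hardened pattern: the value is used only if its MAC verifies.
function autoRespondMessageHardened(array $post): ?string
{
    if (!isset($post['auto_respond_msg'], $post['auto_respond_msg_hmac'])) {
        return null;
    }
    $msg      = (string)$post['auto_respond_msg'];
    $expected = hiddenFieldHmac($msg);
    // hash_equals() compares in constant time, avoiding a timing side channel.
    if (!hash_equals($expected, (string)$post['auto_respond_msg_hmac'])) {
        return null; // tampered or forged field: send nothing
    }
    return $msg;
}

// Constructed sample submissions: one produced by the real form, one forged.
$legit = [
    'auto_respond_msg'      => 'Thank you for contacting us.',
    'auto_respond_msg_hmac' => hiddenFieldHmac('Thank you for contacting us.'),
];
$tampered = [
    'auto_respond_msg'      => 'Visit http://spam.example/ for an offer',
    'auto_respond_msg_hmac' => 'not-a-valid-mac',
];

echo renderHiddenFields('Thank you for contacting us.');
var_dump(autoRespondMessageVulnerable($tampered)); // the forged text is accepted
var_dump(autoRespondMessageHardened($tampered));   // the forged field is rejected
var_dump(autoRespondMessageHardened($legit));      // the genuine field is accepted
```

The MAC has to be computed from the same secret on both the rendering and the handling side, and every hidden field the server relies on (not just the auto-responder text) needs the same treatment; a field left unsigned is a field the attacker still controls.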

WAF Protection Rules

WAF Rule

TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Spam Abuse in the native form content element. An attacker could abuse the form to send mails to arbitrary email addresses.
