The vulnerability stems from missing access checks in Extbase's request handling pipeline. The Dispatcher class is central to routing requests to controller actions. The security bulletin explicitly states the lack of access checks for controller/action combinations, which aligns with the responsibility of the Dispatcher::dispatch method. The medium confidence for ActionController::processRequest reflects its role in action execution, though the primary flaw resides in the dispatcher's access control gap. The patches in versions 6.2.24/7.6.8 likely added access checks in these critical paths.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| typo3/cms-extbase | composer | < 6.2.24 | 6.2.24 |
| typo3/cms-extbase | composer | >= 7.0, < 7.6.8 | 7.6.8 |
| typo3/cms-extbase | composer | = 8.1.1 |