The vulnerability stems from TYPO3's login handling transmitting credentials over HTTP when the login is initiated from an HTTPS page. The BackendController's loginAction is the primary entry point for authentication requests and would be responsible for protocol handling, while the LoginProvider's form rendering would control the submission URL. The exact code isn't available, but TYPO3's architecture patterns and the CWE-319 (cleartext transmission of sensitive information) context strongly suggest that these components handle the insecure transmission. Confidence is high for BackendController because of its role in processing login parameters, and medium for LoginProvider because its form URL generation logic isn't explicitly confirmed.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| typo3/cms | composer | = 7.6.15 | |