CVE-2020-25025: Incorrect Authorization in TYPO3 extension
4.3
CVSS Score
3.1
Basic Information
CVE ID
GHSA ID
EPSS Score
0.33274%
CWE
Published
7/26/2021
Updated
2/1/2023
KEV Status
No
Technology
PHP
Technical Details
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
localizationteam/l10nmgr | composer | < 7.4.0 | 7.4.0 |
localizationteam/l10nmgr | composer | >= 8.0.0, < 8.7.0 | 8.7.0 |
localizationteam/l10nmgr | composer | >= 9.0.0, < 9.2.0 | 9.2.0 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability centers on missing access controls for translatable field exports. TYPO3 backend modules typically use Controller actions for export functionality, and service classes for rendering. The advisory specifically mentions export-related information disclosure, implicating the export action handler and XML renderer. While exact code changes aren't visible, these components would logically require the added authorization checks mentioned in the advisory. Confidence is medium due to inference from vulnerability patterns in TYPO3 extensions rather than direct patch analysis.