The vulnerability stemmed from missing access controls in three key areas: (1) the ExportController's entry point lacked permission checks, (2) the context menu exposed the export option without proper authorization, and (3) the file storage layer didn't filter import/export temp files. The commit added permission checks (isExportEnabled), context menu restrictions, and the ImportExportFilter to address these gaps. The affected functions were those handling export initiation, UI visibility, and file storage filtering before these security measures were implemented.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| typo3/cms-core | composer | >= 7.0.0, < 7.6.57 | 7.6.57 |
| typo3/cms-core | composer | >= 8.0.0, < 8.7.47 | 8.7.47 |
| typo3/cms-core | composer | >= 9.0.0, < 9.5.35 | 9.5.35 |
| typo3/cms-core | composer | >= 10.0.0, < 10.4.29 | 10.4.29 |
| typo3/cms-core | composer | >= 11.0.0, < 11.5.11 | 11.5.11 |
| typo3/cms | composer | >= 10.0.0, < 10.4.29 | 10.4.29 |
| typo3/cms | composer | >= 11.0.0, < 11.5.11 | 11.5.11 |
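
To check an installation against the ranges in the table above, the following added example (not part of the advisory and not TYPO3 code) reads a `composer.lock` and reports whether the locked `typo3/cms-core` or `typo3/cms` version is affected. The function names and the sample lock content are constructed for illustration.

```python
import json

# Affected ranges copied from the table above: (package, lowest affected, first patched).
AFFECTED = [
    ("typo3/cms-core", "7.0.0", "7.6.57"),
    ("typo3/cms-core", "8.0.0", "8.7.47"),
    ("typo3/cms-core", "9.0.0", "9.5.35"),
    ("typo3/cms-core", "10.0.0", "10.4.29"),
    ("typo3/cms-core", "11.0.0", "11.5.11"),
    ("typo3/cms", "10.0.0", "10.4.29"),
    ("typo3/cms", "11.0.0", "11.5.11"),
]

# Constructed sample: the shape of composer.lock, reduced to the fields used here.
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "typo3/cms-core", "version": "v11.5.10"},
    {"name": "symfony/console", "version": "v5.4.9"},
]})

def parse_version(text):
    """Return (major, minor, patch), or None for branch aliases such as dev-main."""
    parts = text.lstrip("v").split("-")[0].split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def audit_lock(lock_text):
    """Yield (package, locked version, verdict) for each package named in AFFECTED."""
    lock = json.loads(lock_text)
    names = {name for name, _, _ in AFFECTED}
    for pkg in (lock.get("packages") or []) + (lock.get("packages-dev") or []):
        if pkg["name"] not in names:
            continue
        ver = parse_version(pkg["version"])
        if ver is None:
            # A branch alias carries no release number, so it cannot be range-checked.
            yield pkg["name"], pkg["version"], "unknown: check the branch by hand"
            continue
        verdict = "not in an affected range"
        for name, low, fixed in AFFECTED:
            if name == pkg["name"] and parse_version(low) <= ver < parse_version(fixed):
                verdict = "vulnerable: upgrade to " + fixed
        yield pkg["name"], pkg["version"], verdict

if __name__ == "__main__":
    for row in audit_lock(SAMPLE_LOCK):
        print(*row, sep="  ")
```
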