| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| typo3/cms | composer | >= 6.2.0, < 6.2.30 | 6.2.30 |
| typo3/cms | composer | >= 7.6.0, < 7.6.15 | 7.6.15 |
| typo3/cms | composer | >= 8.0.0, < 8.5.1 | 8.5.1 |

The vulnerability stems from SwiftMailer's improper handling of `mail()` function parameters. The `send()` method in `MailTransport` passes `$additionalParameters` to `mail()` without proper validation, enabling RCE through header injection. TYPO3's dependency on vulnerable swiftmailer versions (<5.4.12) exposes this flaw when using mail transport. The CWE-94 mapping confirms this is code injection via uncontrolled command generation.
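
An added example, not part of the advisory or of TYPO3's own tooling: a check of a `composer.lock` against the version ranges in the table above and the swiftmailer bound named in the text. The lock contents are a constructed sample, and the function names are illustrative.

```python
import json
import re

# Affected ranges from the advisory table: (first affected, first patched).
TYPO3_RANGES = [((6, 2, 0), (6, 2, 30)), ((7, 6, 0), (7, 6, 15)), ((8, 0, 0), (8, 5, 1))]
SWIFTMAILER_FIXED = (5, 4, 12)  # the advisory text names swiftmailer < 5.4.12

def parse_version(text):
    """'v7.6.14' -> (7, 6, 14); None for branch aliases such as 'dev-master'.
    Pre-release suffixes ('-RC1') are ignored, which is a simplification."""
    m = re.match(r"v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    return tuple(int(g or 0) for g in m.groups()) if m else None

def fmt(v):
    return ".".join(str(n) for n in v)

def classify(name, version):
    """Return a verdict for the two packages the advisory names, else None."""
    if name not in ("typo3/cms", "swiftmailer/swiftmailer"):
        return None
    v = parse_version(version)
    if v is None:
        return "unknown version, check manually"
    if name == "swiftmailer/swiftmailer":
        if v < SWIFTMAILER_FIXED:
            return "affected, needs >= " + fmt(SWIFTMAILER_FIXED)
        return "not affected"
    for first, patched in TYPO3_RANGES:
        if first <= v < patched:
            return "affected, first patched in " + fmt(patched)
    return "outside the listed ranges"

def audit_lock(lock_text):
    """Map package name -> (locked version, verdict) for a composer.lock document."""
    lock = json.loads(lock_text)
    packages = (lock.get("packages") or []) + (lock.get("packages-dev") or [])
    findings = {}
    for pkg in packages:
        name, version = pkg.get("name", ""), pkg.get("version", "")
        verdict = classify(name, version)
        if verdict is not None:
            findings[name] = (version, verdict)
    return findings

# Constructed sample input, not taken from a real project.
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "typo3/cms", "version": "v7.6.14"},
    {"name": "swiftmailer/swiftmailer", "version": "v5.4.5"},
    {"name": "psr/log", "version": "1.0.2"}], "packages-dev": None})

if __name__ == "__main__":
    for name, (version, verdict) in audit_lock(SAMPLE_LOCK).items():
        print(f"{name} {version}: {verdict}")
```

A verdict of "outside the listed ranges" means only that the locked version is not in the table; it says nothing about releases the advisory does not list.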