GHSA-g585-crjf-vhwq: TYPO3 Denial of Service in Frontend Record Registration

CVSS Score: 7.5 (CVSS v3.1)

Basic Information

CVE ID: -
EPSS Score: -
Published: 6/7/2024
Updated: 6/7/2024
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| typo3/cms | composer | >= 7.0.0, < 7.6.32 | 7.6.32 |
| typo3/cms | composer | >= 8.0.0, < 8.7.21 | 8.7.21 |

Vulnerability Intelligence
Root Cause Analysis

The vulnerability stems from two key functions: 1) TypoScriptFrontendController::initFEuser processes the 'recs' parameter without the enableRecordRegistration guard (pre-patch), allowing arbitrary session data injection. 2) FrontendUserAuthentication::record_registration executes the actual session storage without proper validation of anonymous sessions or resource limits. The patch added a configuration toggle around the recs processing in initFEuser, indicating this was the unprotected entry point. The record_registration method's lack of inherent throttling/validation makes it a secondary vulnerable component when abused through this vector.
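A detection sketch for the entry point described above, added here as an example and not taken from TYPO3 or the advisory: it counts requests per client whose query string carries a `recs` parameter and flags clients at or above a threshold. The Common Log Format layout, the threshold, the function names and the sample lines are all assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = """\
203.0.113.7 - - [07/Jun/2024:10:00:01 +0000] "GET /index.php?id=1&recs%5Bcart%5D%5B1%5D=a HTTP/1.1" 200 512
203.0.113.7 - - [07/Jun/2024:10:00:01 +0000] "GET /index.php?id=1&recs%5Bcart%5D%5B2%5D=b HTTP/1.1" 200 512
203.0.113.7 - - [07/Jun/2024:10:00:02 +0000] "GET /index.php?id=1&recs[cart][3]=c HTTP/1.1" 200 512
198.51.100.4 - - [07/Jun/2024:10:00:03 +0000] "GET /index.php?id=5 HTTP/1.1" 200 900
198.51.100.4 - - [07/Jun/2024:10:00:04 +0000] "GET /index.php?id=5&records=1 HTTP/1.1" 200 900
192.0.2.9 - - [07/Jun/2024:10:00:05 +0000] "GET /index.php?recs%5Bcart%5D%5B1%5D=x HTTP/1.1" 200 512
"""

# client IP, method, request target, status (assumed Common Log Format)
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')


def has_recs_param(target: str) -> bool:
    """True if the query string carries `recs` or a `recs[...]` array key."""
    query = urlsplit(target).query
    # parse_qsl percent-decodes names, so recs%5B...%5D and recs[...] both match.
    for name, _ in parse_qsl(query, keep_blank_values=True):
        if name == "recs" or name.startswith("recs["):
            return True
    return False


def recs_requests_per_client(log_text: str) -> Counter:
    """Count requests per client IP that carry a recs parameter."""
    counts = Counter()
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if match and has_recs_param(match.group(3)):
            counts[match.group(1)] += 1
    return counts


def flag_clients(log_text: str, threshold: int = 3) -> list:
    """Return client IPs with at least `threshold` recs-bearing requests."""
    counts = recs_requests_per_client(log_text)
    return sorted(ip for ip, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    print(recs_requests_per_client(SAMPLE_LOG))
    print(flag_clients(SAMPLE_LOG))
```

Access logs only expose query-string parameters, so `recs` values sent in a POST body need a WAF or application-level log to be counted the same way.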
