Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2020-11067

In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that backend user settings (in $BE_USER->uc) are vulnerable to insecure deserialization. In combination with vulnerabilities of third party components, this can lead to remote code execution. A valid backend user account is needed to exploit this vulnerability. This has been fixed in 9.5.17 and 10.4.2.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.012
EPSS Ranking 77.7%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.0
Products affected by CVE-2020-11067
  • Typo3 » Typo3 » Version: 10.0.0
    cpe:2.3:a:typo3:typo3:10.0.0
  • Typo3 » Typo3 » Version: 10.0.10
    cpe:2.3:a:typo3:typo3:10.0.10
  • Typo3 » Typo3 » Version: 10.0.9
    cpe:2.3:a:typo3:typo3:10.0.9
  • Typo3 » Typo3 » Version: 10.1.0
    cpe:2.3:a:typo3:typo3:10.1.0
  • Typo3 » Typo3 » Version: 10.2.0
    cpe:2.3:a:typo3:typo3:10.2.0
  • Typo3 » Typo3 » Version: 10.2.1
    cpe:2.3:a:typo3:typo3:10.2.1
  • Typo3 » Typo3 » Version: 10.2.2
    cpe:2.3:a:typo3:typo3:10.2.2
  • Typo3 » Typo3 » Version: 10.3.0
    cpe:2.3:a:typo3:typo3:10.3.0
  • Typo3 » Typo3 » Version: 10.4.0
    cpe:2.3:a:typo3:typo3:10.4.0
  • Typo3 » Typo3 » Version: 10.4.1
    cpe:2.3:a:typo3:typo3:10.4.1
  • Typo3 » Typo3 » Version: 9.0.0
    cpe:2.3:a:typo3:typo3:9.0.0
  • Typo3 » Typo3 » Version: 9.0.3
    cpe:2.3:a:typo3:typo3:9.0.3
  • Typo3 » Typo3 » Version: 9.0.4
    cpe:2.3:a:typo3:typo3:9.0.4
  • Typo3 » Typo3 » Version: 9.1.0
    cpe:2.3:a:typo3:typo3:9.1.0
  • Typo3 » Typo3 » Version: 9.1.2
    cpe:2.3:a:typo3:typo3:9.1.2
  • Typo3 » Typo3 » Version: 9.1.3
    cpe:2.3:a:typo3:typo3:9.1.3
  • Typo3 » Typo3 » Version: 9.2.0
    cpe:2.3:a:typo3:typo3:9.2.0
  • Typo3 » Typo3 » Version: 9.2.1
    cpe:2.3:a:typo3:typo3:9.2.1
  • Typo3 » Typo3 » Version: 9.3.0
    cpe:2.3:a:typo3:typo3:9.3.0
  • Typo3 » Typo3 » Version: 9.3.1
    cpe:2.3:a:typo3:typo3:9.3.1
  • Typo3 » Typo3 » Version: 9.3.2
    cpe:2.3:a:typo3:typo3:9.3.2
  • Typo3 » Typo3 » Version: 9.3.3
    cpe:2.3:a:typo3:typo3:9.3.3
  • Typo3 » Typo3 » Version: 9.4.0
    cpe:2.3:a:typo3:typo3:9.4.0
  • Typo3 » Typo3 » Version: 9.5.0
    cpe:2.3:a:typo3:typo3:9.5.0
  • Typo3 » Typo3 » Version: 9.5.1
    cpe:2.3:a:typo3:typo3:9.5.1
  • Typo3 » Typo3 » Version: 9.5.10
    cpe:2.3:a:typo3:typo3:9.5.10
  • Typo3 » Typo3 » Version: 9.5.11
    cpe:2.3:a:typo3:typo3:9.5.11
  • Typo3 » Typo3 » Version: 9.5.12
    cpe:2.3:a:typo3:typo3:9.5.12
  • Typo3 » Typo3 » Version: 9.5.13
    cpe:2.3:a:typo3:typo3:9.5.13
  • Typo3 » Typo3 » Version: 9.5.14
    cpe:2.3:a:typo3:typo3:9.5.14
  • Typo3 » Typo3 » Version: 9.5.15
    cpe:2.3:a:typo3:typo3:9.5.15
  • Typo3 » Typo3 » Version: 9.5.16
    cpe:2.3:a:typo3:typo3:9.5.16
  • Typo3 » Typo3 » Version: 9.5.2
    cpe:2.3:a:typo3:typo3:9.5.2
  • Typo3 » Typo3 » Version: 9.5.3
    cpe:2.3:a:typo3:typo3:9.5.3
  • Typo3 » Typo3 » Version: 9.5.4
    cpe:2.3:a:typo3:typo3:9.5.4
  • Typo3 » Typo3 » Version: 9.5.5
    cpe:2.3:a:typo3:typo3:9.5.5
  • Typo3 » Typo3 » Version: 9.5.6
    cpe:2.3:a:typo3:typo3:9.5.6
  • Typo3 » Typo3 » Version: 9.5.7
    cpe:2.3:a:typo3:typo3:9.5.7
  • Typo3 » Typo3 » Version: 9.5.8
    cpe:2.3:a:typo3:typo3:9.5.8
  • Typo3 » Typo3 » Version: 9.5.9
    cpe:2.3:a:typo3:typo3:9.5.9


Products
Pricing
Contact Us

Shodan ® - All rights reserved