Vulnerability Description
TYPO3 before 13.0.1 allows an authenticated admin user (with system maintainer privileges) to execute arbitrary shell commands (with the privileges of the web server) via a command injection vulnerability in form fields of the Install Tool. The fixed versions are 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, and 13.0.1.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Typo3 | Typo3 | >= 8.0.0, < 8.7.57 |
Related Weaknesses (CWE)
References
- https://github.com/TYPO3/typo3/security/advisories/GHSA-5w2h-59j3-8x5w (Vendor Advisory)
- https://typo3.org/security/advisory/typo3-core-sa-2024-002 (Vendor Advisory)
- https://typo3.org/help/security-advisories (Vendor Advisory)
FAQ
What is CVE-2024-22188?
CVE-2024-22188 is a vulnerability with a CVSS score of 7.2 (HIGH). TYPO3 before 13.0.1 allows an authenticated admin user (with system maintainer privileges) to execute arbitrary shell commands (with the privileges of the web server) via a command injection vulnerabi...
How severe is CVE-2024-22188?
CVE-2024-22188 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-22188?
Check the references section above for vendor advisories and patch information. Affected products include: Typo3 (vendor) / Typo3 (product); see the Affected Products table above for the listed version range.