Information disclosure in TYPO3 backend in TYPO3 - #VU181
Published: July 20, 2016 / Updated: July 28, 2016
Vulnerability identifier: #VU181
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: TYPO3
Affected software:
TYPO3
TYPO3
Detailed vulnerability description
The vulnerability allows a remote attacker to receive valid backend usernames.
The vulnerability exists in the TYPO3 backend module. A remote user can receive valid backend usernames by guessing the file path to the cache files.
Successful exploitation of this vulnerability may result in disclosure of system information.
The vulnerability exists in the TYPO3 backend module. A remote user can receive valid backend usernames by guessing the file path to the cache files.
Successful exploitation of this vulnerability may result in disclosure of system information.
Remediation
Install the latest versions (6.2.26, 7.6.10, 8.2.1).