Information disclosure in TYPO3 - CVE-2010-3664
Published: November 4, 2019 / Updated: July 17, 2020
Vulnerability identifier: #VU30712
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2010-3664
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: TYPO3
Affected software:
TYPO3
TYPO3
Detailed vulnerability description
The vulnerability allows a remote authenticated user to gain access to sensitive information.
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Information Disclosure on the backend.
How to mitigate CVE-2010-3664
Install update from vendor's website.