Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
TYPO3 Allocation of Resources Without Limits or Throttling Vulnerability - CVE-2024-34358 - Vulnerability Database
TYPO3

TYPO3 Allocation of Resources Without Limits or Throttling Vulnerability - CVE-2024-34358

Medium
Reference: CVE-2024-34358
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2024-34358
Title: TYPO3 Allocation of Resources Without Limits or Throttling Vulnerability
Overview:

TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS 10.4.45 ELTS 11.5.37 LTS 12.4.15 LTS and 13.1.1 the ShowImageController (_eID tx_cms_showpic_) lacks a cryptographic HMAC-signature on the frame HTTP query parameter (e.g. /index.phpeIDtx_cms_showpicfile3amp...ampframe12345). This allows adversaries to instruct the system to produce an arbitrary number of thumbnail images on the server side. TYPO3 versions 9.5.48 ELTS 10.4.45 ELTS 11.5.37 LTS 12.4.15 LTS 13.1.1 fix the problem described.