Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
TYPO3 Improper Control of Generation of Code (Code Injection) Vulnerability - CVE-2024-22188 - Vulnerability Database
TYPO3

TYPO3 Improper Control of Generation of Code (Code Injection) Vulnerability - CVE-2024-22188

High
Reference: CVE-2024-22188
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2024-22188
Title: TYPO3 Improper Control of Generation of Code (Code Injection) Vulnerability
Overview:

TYPO3 before 13.0.1 allows an authenticated admin user (with system maintainer privileges) to execute arbitrary shell commands (with the privileges of the web server) via a command injection vulnerability in form fields of the Install Tool. The fixed versions are 8.7.57 ELTS 9.5.46 ELTS 10.4.43 ELTS 11.5.35 LTS 12.4.11 LTS and 13.0.1.