Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Typo3 Install Tool publicly accessible - Vulnerability Database

Typo3 Install Tool publicly accessible

Description

The web application is based on Typo3 CMS. Typo3 Install Tool is enabled and publicly accessible. If an attacker manages to brute force the Install Tool password, they will get full access to the web applicaiton.

Remediation

Restrict access to Typo3 Install Tool.

References

The Install Tool

Related Vulnerabilities

ColdFusion administrator login page publicly available Low
Common tags: Insecure Admin Access
Unrestricted access to Odoo DB manager High
Common tags: Insecure Admin Access
Fortinet Authentication bypass on administrative interface High
Common tags: Insecure Admin Access
Apache APISIX default token (CVE-2020-13945/CVE-2022-24112) Medium
Common tags: Insecure Admin Access
Unauthorized Access to a web app installer Medium
Common tags: Insecure Admin Access

Severity

Medium

Classification

CWE-200
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:P

Tags

Insecure Admin Access