CVE-2024-22188

{"id": "CVE-2024-22188", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2024-03-05T02:15:27.443", "references": [{"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-5w2h-59j3-8x5w", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://typo3.org/security/advisory/typo3-core-sa-2024-002", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-5w2h-59j3-8x5w", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://typo3.org/help/security-advisories", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://typo3.org/security/advisory/typo3-core-sa-2024-002", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "TYPO3 before 13.0.1 allows an authenticated admin user (with system maintainer privileges) to execute arbitrary shell commands (with the privileges of the web server) via a command injection vulnerability in form fields of the Install Tool. The fixed versions are 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, and 13.0.1."}, {"lang": "es", "value": "TYPO3 anterior a 13.0.1 permite a un usuario administrador autenticado (con privilegios de mantenimiento del sistema) ejecutar comandos de shell arbitrarios (con los privilegios del servidor web) a trav\u00e9s de una vulnerabilidad de inyecci\u00f3n de comandos en los campos de formulario de la herramienta de instalaci\u00f3n. Las versiones fijas son 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS y 13.0.1."}], "lastModified": "2025-09-15T17:21:54.450", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D27B5B1C-F807-411B-BCA1-112C85BDC3E5", "versionEndExcluding": "8.7.57", "versionStartIncluding": "8.0.0"}, {"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1F52D81-C2B7-4AFE-A99E-7E40E0751082", "versionEndExcluding": "9.5.46", "versionStartIncluding": "9.0.0"}, {"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CCF72A1A-60DD-4588-8E90-B5D6D84854A9", "versionEndExcluding": "10.4.43", "versionStartIncluding": "10.0.0"}, {"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DAE0085D-3BA8-4076-BAB0-04BBB118A78D", "versionEndExcluding": "11.5.35", "versionStartIncluding": "11.0.0"}, {"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D518ED7-F1C8-4836-B3D8-4D228A48F314", "versionEndExcluding": "12.4.11", "versionStartIncluding": "12.0.0"}, {"criteria": "cpe:2.3:a:typo3:typo3:13.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E20E3F5E-8C2B-4AC1-A3E3-B428710A5480"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}