{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-22188", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-10-07T14:25:08.658Z", "dateReserved": "2024-01-06T00:00:00", "datePublished": "2024-03-05T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-10-04T18:37:11.372925"}, "descriptions": [{"lang": "en", "value": "TYPO3 before 13.0.1 allows an authenticated admin user (with system maintainer privileges) to execute arbitrary shell commands (with the privileges of the web server) via a command injection vulnerability in form fields of the Install Tool. The fixed versions are 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, and 13.0.1."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://typo3.org/security/advisory/typo3-core-sa-2024-002"}, {"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-5w2h-59j3-8x5w"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:35:34.867Z"}, "title": "CVE Program Container", "references": [{"url": "https://typo3.org/help/security-advisories", "tags": ["x_transferred"]}, {"url": "https://typo3.org/security/advisory/typo3-core-sa-2024-002", "tags": ["x_transferred"]}, {"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-5w2h-59j3-8x5w", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-94", "lang": "en", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "affected": [{"vendor": "typo3", "product": "typo3", "cpes": ["cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "8.0.0", "status": "affected", "lessThanOrEqual": "8.7.56", "versionType": "custom"}, {"version": "9.0.0", "status": "affected", "lessThanOrEqual": "9.5.45", "versionType": "custom"}, {"version": "10.0.0", "status": "affected", "lessThanOrEqual": "10.4.42", "versionType": "custom"}, {"version": "11.0.0", "status": "affected", "lessThanOrEqual": "11.5.34", "versionType": "custom"}, {"version": "12.0.0", "status": "affected", "lessThanOrEqual": "12.4.10", "versionType": "custom"}, {"version": "13.0.0", "status": "affected"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-03-05T16:17:44.688947Z", "id": "CVE-2024-22188", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-07T14:25:08.658Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://typo3.org/help/security-advisories", "tags": ["x_transferred"]}, {"url": "https://typo3.org/security/advisory/typo3-core-sa-2024-002", "tags": ["x_transferred"]}, {"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-5w2h-59j3-8x5w", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:35:34.867Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-22188", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-03-05T16:17:44.688947Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*"], "vendor": "typo3", "product": "typo3", "versions": [{"status": "affected", "version": "8.0.0", "versionType": "custom", "lessThanOrEqual": "8.7.56"}, {"status": "affected", "version": "9.0.0", "versionType": "custom", "lessThanOrEqual": "9.5.45"}, {"status": "affected", "version": "10.0.0", "versionType": "custom", "lessThanOrEqual": "10.4.42"}, {"status": "affected", "version": "11.0.0", "versionType": "custom", "lessThanOrEqual": "11.5.34"}, {"status": "affected", "version": "12.0.0", "versionType": "custom", "lessThanOrEqual": "12.4.10"}, {"status": "affected", "version": "13.0.0"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-28T15:05:21.958Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://typo3.org/security/advisory/typo3-core-sa-2024-002"}, {"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-5w2h-59j3-8x5w"}], "descriptions": [{"lang": "en", "value": "TYPO3 before 13.0.1 allows an authenticated admin user (with system maintainer privileges) to execute arbitrary shell commands (with the privileges of the web server) via a command injection vulnerability in form fields of the Install Tool. The fixed versions are 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, and 13.0.1."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-10-04T18:37:11.372925"}}}, "cveMetadata": {"cveId": "CVE-2024-22188", "state": "PUBLISHED", "dateUpdated": "2024-10-07T14:25:08.658Z", "dateReserved": "2024-01-06T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-03-05T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "matchCriteriaId": "D27B5B1C-F807-411B-BCA1-112C85BDC3E5", "versionEndExcluding": "8.7.57", "versionStartIncluding": "8.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "matchCriteriaId": "E1F52D81-C2B7-4AFE-A99E-7E40E0751082", "versionEndExcluding": "9.5.46", "versionStartIncluding": "9.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "matchCriteriaId": "CCF72A1A-60DD-4588-8E90-B5D6D84854A9", "versionEndExcluding": "10.4.43", "versionStartIncluding": "10.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "matchCriteriaId": "DAE0085D-3BA8-4076-BAB0-04BBB118A78D", "versionEndExcluding": "11.5.35", "versionStartIncluding": "11.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D518ED7-F1C8-4836-B3D8-4D228A48F314", "versionEndExcluding": "12.4.11", "versionStartIncluding": "12.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:13.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E20E3F5E-8C2B-4AC1-A3E3-B428710A5480", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "TYPO3 before 13.0.1 allows an authenticated admin user (with system maintainer privileges) to execute arbitrary shell commands (with the privileges of the web server) via a command injection vulnerability in form fields of the Install Tool. The fixed versions are 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, and 13.0.1."}, {"lang": "es", "value": "TYPO3 anterior a 13.0.1 permite a un usuario administrador autenticado (con privilegios de mantenimiento del sistema) ejecutar comandos de shell arbitrarios (con los privilegios del servidor web) a trav\u00e9s de una vulnerabilidad de inyecci\u00f3n de comandos en los campos de formulario de la herramienta de instalaci\u00f3n. Las versiones fijas son 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS y 13.0.1."}], "id": "CVE-2024-22188", "lastModified": "2025-09-15T17:21:54.450", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-03-05T02:15:27.443", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-5w2h-59j3-8x5w"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://typo3.org/security/advisory/typo3-core-sa-2024-002"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-5w2h-59j3-8x5w"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://typo3.org/help/security-advisories"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://typo3.org/security/advisory/typo3-core-sa-2024-002"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}