CVE-2020-11063— Observable Response Discrepancy in TYPO3 CMS
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2020-11063
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Observable Response Discrepancy in TYPO3 CMS
Source: NVD (National Vulnerability Database)
Vulnerability Description
In TYPO3 CMS versions 10.4.0 and 10.4.1, it has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to mount user enumeration based on email addresses assigned to backend user accounts. This has been fixed in 10.4.2.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
响应差异性信息暴露
Source: NVD (National Vulnerability Database)
Vulnerability Title
TYPO3 Password Reset组件信息泄露漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
TYPO3是瑞士TYPO3协会的一套免费开源的内容管理系统(框架)(CMS/CMF)。 TYPO3 CMS 10.4.0版本至10.4.1版本中的Password Reset组件存在信息泄露漏洞。该漏洞源于网络系统或产品在运行过程中存在配置等错误。未授权的攻击者可利用漏洞获取受影响组件敏感信息。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2020-11063
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2020-11063
请登录查看更多情报信息。
- https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-347x-877p-hcwxx_refsource_CONFIRM
- Information Disclosure in Password Reset · Advisory · TYPO3/typo3 · GitHubx_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2020-11063
Same Patch Batch · TYPO3 · 2020-05-13 · 6 CVEs total
| CVE-2020-11067 | 8.8 HIGH | Deserialization of Untrusted Data in TYPO3 CMS |
| CVE-2020-11066 | 8.7 HIGH | Improperly Controlled Modification of Dynamically-Determined Object Attributes in TYPO3 CM |
| CVE-2020-11069 | 8.0 HIGH | Cross-Site Request Forgery in TYPO3 CMS |
| CVE-2020-11065 | 5.4 MEDIUM | Cross-Site Scripting in TYPO3 CMS |
| CVE-2020-11064 | 5.4 MEDIUM | Cross-Site Scripting in TYPO3 CMS |
IV. Related Vulnerabilities
Same product: TYPO3 CMS
- CVE-2026-6553
TYPO3 CMS Stores Cleartext Password in User Settings Module - CVE-2026-0859
TYPO3 CMS Allows Insecure Deserialization via Mailer File Sp - CVE-2025-59022
TYPO3 CMS Allows Broken Access Control in Recycler Module - CVE-2025-59021
TYPO3 CMS Allows Broken Access Control in Redirects Module - CVE-2025-59020
TYPO3 CMS Allows Broken Access Control in Edit Document Cont
Same vendor: TYPO3
- CVE-2026-6553
TYPO3 CMS Stores Cleartext Password in User Settings Module - CVE-2026-4208
Authentication Bypass in extension "E-Mail MFA Provider" (mf - CVE-2026-4202
Broken Access Control in extension "Redirect Tab" - CVE-2026-1323
Insecure Deserialization in extension "Mailqueue" (mailqueue - CVE-2026-0895
Insecure Deserialization in extension "Mailqueue" (mailqueue
Same weakness: CWE-204
- CVE-2026-8242
Industrial Application Software IAS Canias ERP Login RMI doA - CVE-2026-20195
Cisco Identity Services Engine Observable Response Discrepan - CVE-2026-24468
OpenAEV Vulnerable to Username/Email Enumeration Through Dif - CVE-2026-34264
Information Disclosure vulnerability in SAP Human Capital Ma - CVE-2026-4113
SonicWALL SMA1000 安全漏洞
V. Comments for CVE-2020-11063
No comments yet