TYPO3 Vendor Vulnerability List / CVE Analysis in Chinese 118

118 CVE vulnerabilities related to the vendor TYPO3, with AI-generated Chinese analysis, PoC, CVSS scores and affected products.

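TYPO3 is a PHP-based open-source content management system widely used to build enterprise websites and digital platforms. Its historical vulnerabilities mostly involve remote code execution, cross-site scripting and unauthorized access, and some of them stem from plugin extensions or misconfiguration. Although the core framework continues to strengthen input validation and access control, security auditing of third-party extensions remains a key risk point. As of the latest count, 118 CVEs have been recorded for this ecosystem, a reminder that users need to update regularly and strictly review integrated components to maintain overall system security.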

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-47940 | TYPO3 CMS Vulnerable to Privilege Escalation to System Maintainer | typo3 | CWE-283 | 7.2 | High | 2025-05-20 |
| CVE-2025-47939 | TYPO3 CMS Vulnerable to Unrestricted File Upload in File Abstraction Layer | typo3 | CWE-351 | 5.4 | Medium | 2025-05-20 |
| CVE-2025-47938 | TYPO3 Vulnerable to Unverified Password Change for Backend Users | typo3 | CWE-620 | 3.8 | Low | 2025-05-20 |
| CVE-2025-47937 | TYPO3 Vulnerable to Information Disclosure via DBAL Restriction Handling | typo3 | CWE-863 | 3.7 | Low | 2025-05-20 |
| CVE-2025-47936 | TYPO3 Vulnerable to Server Side Request Forgery via Webhooks | typo3 | CWE-918 | 3.3 | Low | 2025-05-20 |
| CVE-2025-24856 | TYPO3 security vulnerability | oidc | CWE-348 | 4.2 | Medium | 2025-03-16 |
| CVE-2024-55892 | Potential Open Redirect via Parsing Differences in TYPO3 | typo3 | CWE-601 | 4.8 | Medium | 2025-01-14 |
| CVE-2024-55893 | TYPO3 Cross-Site Request Forgery in Log Module | typo3 | CWE-352 | 4.3 | Medium | 2025-01-14 |
| CVE-2024-55894 | TYPO3 Cross-Site Request Forgery in Backend User Module | typo3 | CWE-352 | 4.3 | Medium | 2025-01-14 |
| CVE-2024-55920 | Cross-Site Request Forgery in Dashboard Module in TYPO3 | typo3 | CWE-352 | 4.3 | Medium | 2025-01-14 |
| CVE-2024-55921 | Cross-Site Request Forgery in Extension Manager Module in TYPO3 | typo3 | CWE-352 | 7.5 | High | 2025-01-14 |
| CVE-2024-55922 | Cross-Site Request Forgery in Form Framework Module in TYPO3 | typo3 | CWE-352 | 5.4 | Medium | 2025-01-14 |
| CVE-2024-55923 | Cross-Site Request Forgery in Indexed Search Module in TYPO3 | typo3 | CWE-352 | 4.3 | Medium | 2025-01-14 |
| CVE-2024-55924 | Cross-Site Request Forgery in Scheduler Module in TYPO3 | typo3 | CWE-352 | 8.0 | High | 2025-01-14 |
| CVE-2024-55945 | Cross-Site Request Forgery in DB Check Module in TYPO3 | typo3 | CWE-352 | 4.3 | Medium | 2025-01-14 |
| CVE-2024-55891 | Information Disclosure via Exception Handling/Logger in TYPO3 | typo3 | CWE-532 | 3.1 | Low | 2025-01-14 |
| CVE-2024-47780 | Information Disclosure in TYPO3 Page Tree | typo3 | CWE-863 | 3.1 | Low | 2024-10-08 |
| CVE-2024-34358 | TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController | typo3 | CWE-347 | 5.3 | Medium | 2024-05-14 |
| CVE-2024-34357 | TYPO3 vulnerable to Cross-Site Scripting in ShowImageController | typo3 | CWE-79 | 5.4 | Medium | 2024-05-14 |
| CVE-2024-34356 | TYPO3 vulnerable to Cross-Site Scripting in the Form Manager Module | typo3 | CWE-79 | 5.4 | Medium | 2024-05-14 |
| CVE-2024-34355 | TYPO3 vulnerable to an HTML Injection in the History Module | typo3 | CWE-116 | 3.5 | Low | 2024-05-14 |
| CVE-2024-25118 | Information Disclosure of Hashed Passwords in TYPO3 Backend Forms | typo3 | CWE-200 | 4.3 | Medium | 2024-02-13 |
| CVE-2024-25119 | Information Disclosure of Encryption Key in TYPO3 Install Tool | typo3 | CWE-200 | 4.9 | Medium | 2024-02-13 |
| CVE-2024-25120 | Improper Access Control of Resources Referenced by t3:// URI Scheme in TYPO3 | typo3 | CWE-200 | 4.3 | Medium | 2024-02-13 |
| CVE-2024-25121 | Improper Access Control Persisting File Abstraction Layer Entities via Data Handler in TYPO3 | typo3 | CWE-200 | 7.1 | High | 2024-02-13 |
| CVE-2023-47125 | By-passing Cross-Site Scripting Protection in HTML Sanitizer | html-sanitizer | CWE-79 | 4.7 | Medium | 2023-11-14 |
| CVE-2023-47126 | Information Disclosure in Install Tool in typo3/cms-install | typo3 | CWE-200 | 3.7 | Low | 2023-11-14 |
| CVE-2023-47127 | Weak Authentication in Session Handling in typo3/cms-core | typo3 | CWE-302 | 4.2 | Medium | 2023-11-14 |
| CVE-2023-38500 | By-passing Cross-Site Scripting Protection in HTML Sanitizer | html-sanitizer | CWE-79 | 4.7 | Medium | 2023-07-25 |
| CVE-2023-38499 | typo3/cms-core Information Disclosure due to Out-of-scope Site Resolution | typo3 | CWE-200 | 3.7 | Low | 2023-07-25 |

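This page summarizes all 118 CVE vulnerabilities publicly disclosed for the vendor TYPO3 to date. Each entry includes the CVSS score, CWE weakness classification, affected products and reference links, along with an AI-generated Chinese analysis for quick risk assessment.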