VIR Vulnerability Intelligence Relay

CVE-2017-14251

high
Published 2017-09-11 · Modified 2024-04-25
CVSS v3
8.8
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v2
6.5
VIR risk
8.8

Description

TYPO3 Arbitrary Code Execution

Predictions

Exploit likelihood
92%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-007/

Package impact
EcosystemPackageVulnerableFixed
php Packagisttypo3/cms>=7.6.0,<7.6.227.6.22
php Packagisttypo3/cms>=8.0.0,<8.7.58.7.5

Application impact
VendorProductVersionsFixed
typo3typo37.6.0
typo3typo37.6.1
typo3typo37.6.2
typo3typo37.6.3
typo3typo37.6.4
typo3typo37.6.5
typo3typo37.6.6
typo3typo37.6.7
typo3typo37.6.8
typo3typo37.6.9
typo3typo37.6.10
typo3typo37.6.11
typo3typo37.6.12
typo3typo37.6.13
typo3typo37.6.14
typo3typo37.6.15
typo3typo37.6.16
typo3typo37.6.17
typo3typo37.6.18
typo3typo37.6.19
typo3typo37.6.20
typo3typo37.6.21
typo3typo38.0.0
typo3typo38.0.1
typo3typo38.1.0
typo3typo38.1.1
typo3typo38.1.2
typo3typo38.2.0
typo3typo38.2.1
typo3typo38.3.0
typo3typo38.3.1
typo3typo38.4.0
typo3typo38.4.1
typo3typo38.5.0
typo3typo38.5.1
typo3typo38.6.0
typo3typo38.6.1
typo3typo38.7.0
typo3typo38.7.1
typo3typo38.7.2
typo3typo38.7.3
typo3typo38.7.4

References

CWEs

CWE-434

Verify integrity in audit chain (admin only). AS-IS.