← back
CVE-2009-0815

CVE-2009-0815

EPSS 42.2%
The jumpUrl mechanism in class.tslib_fe.php in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 leaks a hash secret (juHash) in an error message, which allows remote attackers to read arbitrary files by including the hash in a request.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/8038unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002/http://www.debian.org/security/2009/dsa-1720http://www.openwall.com/lists/oss-security/2009/02/10/6http://www.securitytracker.com/id?1021710