vulnerability
FreeBSD: VID-b1ac663f-3aa9-11ee-b887-b42e991fc52e (CVE-2023-38499): typo3 -- multiple vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:P/I:N/A:N) | Aug 14, 2023 | Aug 15, 2023 | Jun 15, 2026 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
Published
Aug 14, 2023
Added
Aug 15, 2023
Modified
Jun 15, 2026
Description
TYPO3 is an open source PHP based web content management system. Starting in version 9.4.0 and prior to versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, and 12.4.4, in multi-site scenarios, enumerating the HTTP query parameters `id` and `L` allowed out-of-scope access to rendered content in the website frontend. For instance, this allowed visitors to access content of an internal site by adding handcrafted query parameters to the URL of a site that was publicly available. TYPO3 versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, 12.4.4 fix the problem.
Solutions
freebsd-upgrade-package-typo3-11-php80freebsd-upgrade-package-typo3-11-php81freebsd-upgrade-package-typo3-12-php80freebsd-upgrade-package-typo3-12-php81
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.