Description
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 user session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system. This is fixed in versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1.
Remediation
References
Related Vulnerabilities
MySQL CVE-2017-3458 Vulnerability (CVE-2017-3458)
WordPress Plugin Coming Soon/Maintenance mode Ready! Cross-Site Request Forgery (0.5.0)
Joomla Permissions, Privileges, and Access Controls Vulnerability (CVE-2006-0114)
Joomla CVE-2012-0836 Vulnerability (CVE-2012-0836)
Joomla Improper Input Validation Vulnerability (CVE-2006-4468)