Description
The web application is based on Typo3 CMS. Typo3 Install Tool is enabled and publicly accessible. If an attacker manages to brute force the Install Tool password, they will get full access to the web applicaiton.
Remediation
Restrict access to Typo3 Install Tool.
References
Related Vulnerabilities
Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-9449)
WordPress Plugin Simple Ads Manager Multiple Vulnerabilities (2.6.96)
WordPress 4.9.x Multiple Vulnerabilities (4.9 - 4.9.23)
MySQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-10268)