Description
The web application is based on Typo3 CMS. The Typo3 Install Tool is enabled and publicly accessible. If an attacker manages to brute force the Install Tool password, they will get full access to the web application.
Remediation
Restrict access to Typo3 Install Tool.