Description
The web application is based on Typo3 CMS. Typo3 Install Tool is enabled and publicly accessible. If an attacker manages to brute force the Install Tool password, they will get full access to the web applicaiton.
Remediation
Restrict access to Typo3 Install Tool.
References
Related Vulnerabilities
WordPress Plugin Doneren met Mollie Information Disclosure (2.8.4)
Node.js Inspector Unauthorized Access Vulnerability
WordPress Plugin All-in-One WP Migration Information Disclosure (7.0)
WordPress Plugin Customer Reviews for WooCommerce Multiple Vulnerabilities (5.3.5)
ZK Framework AuUploader Information Disclosure (CVE-2022-36537)