Authentication Bypass Vulnerability in TYPO3 by TYPO3 Association
CVE-2011-4628

9.8CRITICAL

Key Information:

Vendor: Typo3
Status: Typo3
Vendor: CVE Published:; 6 November 2019

What is CVE-2011-4628?

A vulnerability in TYPO3 allows remote attackers to bypass backend authentication mechanisms via specially crafted requests. This flaw affects TYPO3 versions prior to 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4, potentially enabling unauthorized access to sensitive areas of the application.

Affected Version(s)

TYPO3 before 4.5.4

References

https://security-tracker.debian.org/tracker/CVE-2011-4628

x_refsource_MISC

https://typo3.org/security/advisory/typo3-core-sa-2011-00...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 6, 2019
Vulnerability Reserved
Nov 29, 2011

Typo3

What is CVE-2011-4628?

Affected Version(s)

References

CVSS V3.1

Timeline