CVE-2010-5101
TYPO3 Directory Traversal vulnerability
EPSS 0.41%
Description
Directory traversal vulnerability in the TypoScript setup in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated administrators to read arbitrary files via unspecified vectors related to the "file inclusion functionality."
How to fix CVE-2010-5101
To remediate CVE-2010-5101, upgrade the affected package to a fixed version below.
- Packagist/typo3/cms—upgrade to 4.2.16 or later
Is CVE-2010-5101 being exploited?
Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 4.2.0, < 4.2.16
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U |