CNNVD-202601-2304 Information
CNNVD ID
CNNVD-202601-2304
Related CVE
- CNNVD Published: 2026-01-13
Description (Chinese)
TYPO3 CMS是TYPO3开源的一个内容管理系统。 TYPO3 CMS存在安全漏洞,该漏洞源于具有回收站模块访问权限的后端用户可从任何TCA定义的数据库表中删除任意数据,可能导致关键站点数据被清除和破坏。以下版本受到影响:10.0.0版本至10.4.54版本、11.0.0版本至11.5.48版本、12.0.0版本至12.4.40版本、13.0.0版本至13.4.22版本和14.0.0版本至14.0.1版本。
Description (English)
TYPO3 CMS is a TYPO3 open source content management system. TYPO3 CMS has a security loophole, which stems from the fact that back-end users with access to the wastebin module can remove random data from any TCA-defined database table, which could lead to clearance and destruction of key site data. The following versions are affected: 10.0.0 to 10.4.54, 11.0.0 to 11.5.48, 12.0.0 to 12.4.40, 13.0.0 to 13.4.2 and 14.0.0 to 14.0.1.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
TYPO3
Published
2026-01-13
Last Modified
2026-02-24
References
https://github.com/TYPO3/typo3/commit/336d6f165458a0ce32d8330999ab9ab6a5983d20 https://github.com/TYPO3/typo3/commit/a6604db66499710f72ae6e7006beb14ad0913aae https://github.com/TYPO3/typo3/commit/efb9528f9882ac924c40598ebd8508479e9950a3 https://typo3.org/security/advisory/typo3-core-sa-2026-003
Patch
https://typo3.org/security/advisory/typo3-core-sa-2026-003
Share on: