CNNVD-202601-2305 Information
CNNVD ID
CNNVD-202601-2305
Related CVE
- CNNVD Published: 2026-01-13
Description (Chinese)
TYPO3 CMS是TYPO3开源的一个内容管理系统。 TYPO3 CMS存在安全漏洞,该漏洞源于利用defVals参数可绕过字段级访问检查,可能导致向数据库表禁止的排除字段插入任意数据。以下版本受到影响:10.0.0版本至10.4.54版本、11.0.0版本至11.5.48版本、12.0.0版本至12.4.40版本、13.0.0版本至13.4.22版本和14.0.0版本至14.0.1版本。
Description (English)
TYPO3 CMS is a TYPO3 open source content management system. TYPO3 CMS has a security loophole, which stems from the use of defVals parameters to bypass field-level access checks, which may lead to the insertion of arbitrary data into excluded fields prohibited from the database table. The following versions are affected: 10.0.0 to 10.4.54, 11.0.0 to 11.5.48, 12.0.0 to 12.4.40, 13.0.0 to 13.4.2 and 14.0.0 to 14.0.1.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
TYPO3
Published
2026-01-13
Last Modified
2026-02-24
References
https://github.com/TYPO3/typo3/commit/ac3f792bd5ab7c58153fc1075cb9e001c9cebe3b https://github.com/TYPO3/typo3/commit/cd11a19958d823d12d028f9345b41739c7e70118 https://github.com/TYPO3/typo3/commit/fb98378a8fd30dd50d89a3d1a420780819f38232 https://typo3.org/security/advisory/typo3-core-sa-2026-001
Patch
https://typo3.org/security/advisory/typo3-core-sa-2026-001
Share on: