Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseGHSA-pqfv-97hj-g97g
GHSA-pqfv-97hj-g97g:
PHP vulnerability analysis and mitigation
Overview
A security vulnerability was discovered in TYPO3 CMS (GHSA-pqfv-97hj-g97g) affecting versions 6.2.0 to 6.2.14 and 7.0.0 to 7.3.1. The vulnerability, disclosed on September 8, 2015, allows unauthenticated path disclosure through a PHP script delivered with TYPO3 for testing purposes (TYPO3 Advisory).
Technical details
The vulnerability is classified as an Information Disclosure issue with a Moderate severity rating (CVSS score 5.3). The CVSS v3 base metrics indicate Network attack vector, Low attack complexity, No privileges required, and No user interaction needed. The vulnerability has a CVSS vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N (GitHub Advisory).
Impact
When exploited, the vulnerability discloses the absolute server path to the TYPO3 installation, potentially exposing sensitive system information to unauthorized users (TYPO3 Advisory).
Mitigation and workarounds
The vulnerability has been patched in TYPO3 versions 6.2.15 and 7.4.0. Users are advised to update to these or later versions to address the security issue (TYPO3 Advisory).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management