CVE-2005-4875

Published: Dec 31, 2005Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

TYPO3 3.8.0 and earlier allows remote attackers to obtain sensitive information via a direct request to misc/phpcheck/, which invokes the phpinfo function and prints values of unspecified environment variables.

Affected (3)

Products: Typo3: Typo3

Typo3

1 product

Typo3

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Typo3 Typo3	Up to 3.8.0
Typo3 Typo3	Version 1.1
Typo3 Typo3	Version 3.7.0

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

http://bugs.typo3.org/view.php?id=1250

Source: cve@mitre.org

http://typo3.org/teams/security/security-bulletins/typo3-20050725-1/

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/42457

Source: cve@mitre.org

http://bugs.typo3.org/view.php?id=1250

Source: af854a3a-2127-422b-91ae-364da2661108

http://typo3.org/teams/security/security-bulletins/typo3-20050725-1/

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/42457

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.