Improper Access Control in TYPO3 ExtDirect Endpoint Services

Improper Access Control in TYPO3 ExtDirect Endpoint Services

CVE-2011-4904 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

TYPO3 before 4.4.9 and 4.5.x before 4.5.4 does not apply proper access control on ExtDirect calls which allows remote attackers to retrieve ExtDirect endpoint services.

Learn more about our Web Application Penetration Testing UK.