Extension Faceted Search
Monthly
Path traversal in the TYPO3 'Faceted Search' extension's file indexer exposes arbitrary server filesystem content to high-privileged backend users. Because the indexer does not normalize or canonicalize the configured directory path before use, a backend user holding the specific permission to edit indexer configurations can supply path traversal sequences to redirect indexing at sensitive locations outside the intended document root. The CVSS 4.0 score of 5.9 (Medium) reflects high confidentiality impact (VC:H) constrained by the requirement for high privileges (PR:H). No public exploit or CISA KEV listing exists at time of analysis.
Sensitive internal TYPO3 database content can be exfiltrated into the public search index via the Faceted Search extension's misconfigured additional_tables parameter. Backend users holding permission to edit indexer configurations can reference arbitrary internal database tables and fields - including those storing backend credentials, frontend user records, or other protected data - causing the search indexer to copy that data into the search index where it may be surfaced in search results or via API responses. No public exploit has been identified at time of analysis, and exploitation is constrained by the requirement for high-privilege backend access (PR:H per CVSS 4.0), placing this firmly in insider-threat and privilege-misuse risk scenarios.
XML External Entity (XXE) injection in the OOXML file indexer of the TYPO3 'Faceted Search' extension (EXT:faceted_search) allows a high-privileged authenticated attacker to cause the server to disclose local file contents or perform outbound HTTP requests (SSRF), with retrieved data written to the search index. Exploitation requires placing a crafted XLSX or PPTX document into a directory processed by the indexer. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.
Path traversal in the TYPO3 'Faceted Search' extension's file indexer exposes arbitrary server filesystem content to high-privileged backend users. Because the indexer does not normalize or canonicalize the configured directory path before use, a backend user holding the specific permission to edit indexer configurations can supply path traversal sequences to redirect indexing at sensitive locations outside the intended document root. The CVSS 4.0 score of 5.9 (Medium) reflects high confidentiality impact (VC:H) constrained by the requirement for high privileges (PR:H). No public exploit or CISA KEV listing exists at time of analysis.
Sensitive internal TYPO3 database content can be exfiltrated into the public search index via the Faceted Search extension's misconfigured additional_tables parameter. Backend users holding permission to edit indexer configurations can reference arbitrary internal database tables and fields - including those storing backend credentials, frontend user records, or other protected data - causing the search indexer to copy that data into the search index where it may be surfaced in search results or via API responses. No public exploit has been identified at time of analysis, and exploitation is constrained by the requirement for high-privilege backend access (PR:H per CVSS 4.0), placing this firmly in insider-threat and privilege-misuse risk scenarios.
XML External Entity (XXE) injection in the OOXML file indexer of the TYPO3 'Faceted Search' extension (EXT:faceted_search) allows a high-privileged authenticated attacker to cause the server to disclose local file contents or perform outbound HTTP requests (SSRF), with retrieved data written to the search index. Exploitation requires placing a crafted XLSX or PPTX document into a directory processed by the indexer. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.