Skip to main content

Typo3 Cms

1 CVEs product

Monthly

CVE-2026-6553 PHP HIGH PATCH GHSA This Week

TYPO3 CMS 14.2.0 stores backend user passwords in cleartext within database fields (uc, user_settings) when passwords are changed through the user settings module. Remote attackers with database read access or exploiting SQL injection vulnerabilities can retrieve plaintext credentials for backend administrator accounts. Vendor patch available via GitHub commit 9a6e913f. No active exploitation confirmed at time of analysis, though high CVSS subsequent system impact scores (SC:H/SI:H/SA:H) indicate potential for privilege escalation if database is compromised.

Information Disclosure Typo3 Cms
NVD GitHub VulDB
CVSS 4.0
7.3
EPSS
0.0%
EPSS 0% CVSS 7.3
HIGH PATCH This Week

TYPO3 CMS 14.2.0 stores backend user passwords in cleartext within database fields (uc, user_settings) when passwords are changed through the user settings module. Remote attackers with database read access or exploiting SQL injection vulnerabilities can retrieve plaintext credentials for backend administrator accounts. Vendor patch available via GitHub commit 9a6e913f. No active exploitation confirmed at time of analysis, though high CVSS subsequent system impact scores (SC:H/SI:H/SA:H) indicate potential for privilege escalation if database is compromised.

Information Disclosure Typo3 Cms
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy