CVE-2005-4875
EPSS 0.16%TYPO3 Reveals Sensitive Information via Direct Request to `misc/phpcheck/`
Published: 5/1/2022Modified: 4/4/2025
Also known as:GHSA-xj84-6q8f-qg2r
Description
TYPO3 3.8.0 and earlier allows remote attackers to obtain sensitive information via a direct request to misc/phpcheck/, which invokes the phpinfo function and prints values of unspecified environment variables.
Affected packages (1)
- Packagist/typo3/cmsfrom 0, < 3.8.1
References (6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2005-4875
- PATCHhttps://github.com/TYPO3/typo3
- WEBhttp://bugs.typo3.org/view.php?id=1250
- WEBhttps://exchange.xforce.ibmcloud.com/vulnerabilities/42457
- WEBhttps://web.archive.org/web/20080228231555/http://typo3.org/teams/security/security-bulletins/typo3-20050725-1
- WEBhttp://typo3.org/teams/security/security-bulletins/typo3-20050725-1