CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
76.9%
The Ajax dispatcher for Extbase in the Yet Another Gallery (yag) extension before 3.0.1 and Tools for Extbase development (pt_extbase) extension before 1.5.1 allows remote attackers to bypass access restrictions and execute arbitrary controller actions via unspecified vectors.
Vendor | Product | Version | CPE |
---|---|---|---|
daniel_lienert | yet_another_gallery | * | cpe:2.3:a:daniel_lienert:yet_another_gallery:*:*:*:*:*:typo3:*:* |
michael_knoll | tools_for_extbase_developmen | * | cpe:2.3:a:michael_knoll:tools_for_extbase_developmen:*:*:*:*:*:typo3:*:* |