typo3/cms is vulnerable to insecure cryptography. During installation with mediace
extension, the vulnerability exists because it was possible to generate arbitrary checksums that allows the injection of arbitrary data, allowing an attacker with at least one Extbase
plugin or module action to trigger remote code execution.