How severe is CVE-2023-47126?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2023-47126?

This is classified as CWE-200, which is a common weakness in software security.

CVE-2023-47126 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions the login screen of the standalone install tool discloses the full path of the transient data directory (e.g. /var/www/html/var/transient/). This applies to composer-based scenarios only - “classic” non-composer installations are not affected. This issue has been addressed in version 12.4.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Related Vulnerabilities

CVE-2007-3650

MEDIUM

CVSS:5.3(Medium)

myWebland myBloggie 2.1.6 allow remote attackers to obtain sensitive information via (1) an invalid year parameter to calendar.php, reached through index.php; (2) a direct request to common.php; and (...

CWE-2002007

CVE-2007-3651

MEDIUM

CVSS:5.3(Medium)

class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote attackers to obtain sensitive information via a '; (quote semicolon) sequence in the id parameter, which reveals the installation...

CWE-2002007

CVE-2010-3673

MEDIUM

CVSS:5.3(Medium)

TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows information disclosure in the mail header of the HTML mailing API.

CWE-2002010

CVE-2011-0736

MEDIUM

CVSS:5.3(Medium)

Adobe ColdFusion 9.0.1 CHF1 and earlier, when a web application is configured to use a DBMS, allows remote attackers to obtain potentially sensitive information about the database structure via an id=...

CWE-2002011

CVE-2011-0737

MEDIUM

CVSS:5.3(Medium)

Adobe ColdFusion 9.0.1 CHF1 and earlier allows remote attackers to obtain sensitive information via an id=- query to a .cfm file, which reveals the installation path in an error message. NOTE: the ven...

CWE-2002011

CVE-2011-4538

MEDIUM

CVSS:5.3(Medium)

Lexmark X, W, T, E, and C devices before 2012-02-09 allow attackers to obtain sensitive information by reading passwords within exported settings.

CWE-2002011