{"id":"CVE-2024-22188","details":"TYPO3 before 13.0.1 allows an authenticated admin user (with system maintainer privileges) to execute arbitrary shell commands (with the privileges of the web server) via a command injection vulnerability in form fields of the Install Tool. The fixed versions are 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, and 13.0.1.","aliases":["GHSA-5w2h-59j3-8x5w"],"modified":"2026-04-10T05:09:06.471301Z","published":"2024-03-05T02:15:27.443Z","related":["GHSA-5w2h-59j3-8x5w"],"references":[{"type":"ADVISORY","url":"https://github.com/TYPO3/typo3/security/advisories/GHSA-5w2h-59j3-8x5w"},{"type":"ADVISORY","url":"https://typo3.org/security/advisory/typo3-core-sa-2024-002"},{"type":"ADVISORY","url":"https://typo3.org/help/security-advisories"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/typo3/typo3.cms","events":[{"introduced":"6a5e2d4097ef0a0e3ea955af93cf83810d6fa234"},{"fixed":"7cd2396f0be8e4ce1a2554f0def6ebc4420ab436"},{"introduced":"36096733dea4bd6f6168209609fa879dc25c0138"},{"fixed":"3f83ff31e72053761f33b975410fa2881174e0e5"},{"introduced":"0"},{"last_affected":"fd8745e46bb11773e85524b8ee9650dabe340713"}],"database_specific":{"versions":[{"introduced":"11.0.0"},{"fixed":"11.5.35"},{"introduced":"12.0.0"},{"fixed":"12.4.11"},{"introduced":"0"},{"last_affected":"13.0.0"}]}}],"versions":["v11.0.0","v11.1.0","v11.2.0","v11.3.0","v11.4.0","v11.5.0","v11.5.1","v11.5.10","v11.5.11","v11.5.12","v11.5.13","v11.5.14","v11.5.15","v11.5.16","v11.5.17","v11.5.18","v11.5.19","v11.5.2","v11.5.20","v11.5.21","v11.5.22","v11.5.23","v11.5.24","v11.5.25","v11.5.26","v11.5.27","v11.5.28","v11.5.29","v11.5.3","v11.5.30","v11.5.31","v11.5.32","v11.5.33","v11.5.34","v11.5.4","v11.5.5","v11.5.6","v11.5.7","v11.5.8","v11.5.9","v12.0.0","v12.1.0","v12.2.0","v12.3.0","v12.4.0","v12.4.1","v12.4.10","v12.4.2","v12.4.3","v12.4.4","v12.4.5","v12.4.6","v12.4.7","v12.4.8","v12.4.9","v13.0.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-22188.json","unresolved_ranges":[{"events":[{"introduced":"8.0.0"},{"fixed":"8.7.57"}]},{"events":[{"introduced":"9.0.0"},{"fixed":"9.5.46"}]},{"events":[{"introduced":"10.0.0"},{"fixed":"10.4.43"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}