Typo3 · Typo3 · CVE-2024-22188
**Name of the Vulnerable Software and Affected Versions**
TYPO3 versions 8.7.0 through 8.7.56 ELTS
TYPO3 versions 9.5.0 through 9.5.45 ELTS
TYPO3 versions 10.4.0 through 10.4.42 ELTS
TYPO3 versions 11.5.0 through 11.5.34 LTS
TYPO3 versions 12.4.0 through 12.4.10 LTS
TYPO3 versions prior to 13.0.1
**Description**
The issue allows an authenticated admin user with system maintainer privileges to execute arbitrary shell commands with the privileges of the web server via a command injection vulnerability in form fields of the Install Tool. This requires an administrator-level backend user account with system maintainer permissions.
**Recommendations**
Update to TYPO3 version 8.7.57 ELTS
Update to TYPO3 version 9.5.46 ELTS
Update to TYPO3 version 10.4.43 ELTS
Update to TYPO3 version 11.5.35 LTS
Update to TYPO3 version 12.4.11 LTS
Update to TYPO3 version 13.0.1