Name of the Vulnerable Software and Affected Versions TYPO3 (affected versions not specified)

Description The issue arises from Extbase request handling failing to implement proper access checks for requested controller/action combinations. This allows an attacker to execute arbitrary Extbase actions by crafting a special request, provided they have access to at least one Extbase plugin or module action in a TYPO3 installation. The lack of access check can lead to information disclosure or remote code execution, depending on the action an attacker executes.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.