CVE-2016-5091: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

May 17, 2022 (updated July 31, 2023)

Extbase in TYPO3 4.3.0 before 6.2.24, 7.x before 7.6.8, and 8.1.1 allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted Extbase action.

References

www.openwall.com/lists/oss-security/2016/05/25/4
www.openwall.com/lists/oss-security/2016/05/26/2
github.com/advisories/GHSA-jxg5-35fj-ccwf
nvd.nist.gov/vuln/detail/CVE-2016-5091
typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-013/

Code Behaviors & Features

Detect and mitigate CVE-2016-5091 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →