CVE-2009-0258

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0770%

EPSS Percentile29.96th

PublishedJan 22, 2009

Last ModifiedApr 23, 2026

Vulnerability Description

The Indexed Search Engine (indexed_search) system extension in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to execute arbitrary commands via a crafted filename containing shell metacharacters, which is not properly handled by the command-line indexer.

Affected Platforms (CPE)

📦

Typo3

= 4.0

📦

Typo3

= 4.0.1

📦

Typo3

= 4.0.2

📦

Typo3

= 4.0.3

📦

Typo3

= 4.0.4

📦

Typo3

= 4.0.5

📦

Typo3

= 4.0.6

📦

Typo3

= 4.0.7

📦

Typo3

= 4.0.8

📦

Typo3

= 4.0.9

📦

Typo3

= 4.1.0

📦

Typo3

= 4.1.0

📦

Typo3

= 4.1.0

📦

Typo3

= 4.1.1

📦

Typo3

= 4.1.2

📦

Typo3

= 4.1.3

📦

Typo3

= 4.1.4

📦

Typo3

= 4.1.5

📦

Typo3

= 4.1.6

📦

Typo3

= 4.1.7

📦

Typo3

= 4.2.0

📦

Typo3

= 4.2.1

📦

Typo3

= 4.2.2

📦

Typo3

= 4.2.3

References & Advisories

🔗 http://secunia.com/advisories/33617

🔗 http://secunia.com/advisories/33679

🔗 http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/

🔗 http://www.debian.org/security/2009/dsa-1711

🔗 http://www.openwall.com/lists/oss-security/2009/01/23/4

🔗 http://www.securityfocus.com/bid/33376

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/48138

🔗 http://secunia.com/advisories/33617

Vulnerability Description

Affected Platforms (CPE)

Typo3

Typo3

Typo3

Typo3

Typo3

Typo3

Typo3

Typo3

Typo3

Typo3

Typo3

Typo3

Typo3

Typo3

Typo3

Typo3

Typo3

Typo3

Typo3

Typo3

Typo3

Typo3

Typo3

Typo3

References & Advisories

Related Vulnerabilities