TYPO3 Download Manager Extension Insecure Direct Object Reference Vulnerability

Vulnerability

An Insecure Direct Object Reference (IDOR) vulnerability has been identified in the TYPO3 reint_downloadmanager extension, versions 4.0.1 and below as well as version 5.0.0. The extension does not properly validate the downloaduid parameter of the downloadAction, so an unauthenticated attacker can download any file available on the system, including protected ones.
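The following PHP is an added illustration of the pattern the advisory describes and is not the reint_downloadmanager extension's code: a download handler resolves a client-supplied downloaduid, and the difference between the two variants is whether the identifier is bound to what the site operator actually published. All names (FileRecord, FileRepository, downloadActionVulnerable, downloadActionHardened, $allowedUids) and the sample file records are hypothetical and constructed for the example.

```php
<?php
// Added example (not the extension's own code). Demonstrates an IDOR on a
// "downloaduid" parameter and one way to close it: resolve the id only
// against a server-side allow-list of files attached to this plugin instance.
declare(strict_types=1);

final class FileRecord
{
    public function __construct(
        public readonly int $uid,
        public readonly string $path,
        public readonly bool $protected,
    ) {}
}

/** Constructed in-memory stand-in for a file repository (hypothetical). */
final class FileRepository
{
    /** @var array<int, FileRecord> */
    private array $records;

    public function __construct()
    {
        $this->records = [
            1 => new FileRecord(1, '/fileadmin/public/brochure.pdf', false),
            2 => new FileRecord(2, '/fileadmin/public/datasheet.pdf', false),
            3 => new FileRecord(3, '/fileadmin/restricted/contract.pdf', true),
        ];
    }

    public function findByUid(int $uid): ?FileRecord
    {
        return $this->records[$uid] ?? null;
    }
}

/**
 * Vulnerable pattern: whatever integer the client sends is resolved and
 * served. Nothing ties the id to the files this page was meant to offer.
 */
function downloadActionVulnerable(FileRepository $repo, array $request): ?FileRecord
{
    $uid = (int)($request['downloaduid'] ?? 0);
    return $repo->findByUid($uid);
}

/**
 * Hardened pattern: the id is validated as a positive integer and honoured
 * only if it is in the allow-list the editor configured for this plugin
 * instance. Protected records are denied unless a separate access check
 * (not implemented here) grants them.
 *
 * @param int[] $allowedUids server-side list of file uids attached to the plugin
 */
function downloadActionHardened(FileRepository $repo, array $request, array $allowedUids): ?FileRecord
{
    $raw = $request['downloaduid'] ?? null;
    if (!is_string($raw) && !is_int($raw)) {
        return null;
    }
    // Accept only a plain positive integer before using it as a lookup key.
    if (!preg_match('/^[1-9][0-9]*$/', (string)$raw)) {
        return null;
    }
    $uid = (int)$raw;
    if (!in_array($uid, $allowedUids, true)) {
        return null;
    }
    $record = $repo->findByUid($uid);
    if ($record === null || $record->protected) {
        return null; // deny by default
    }
    return $record;
}

// Usage with constructed data: uids 1 and 2 were published, uid 3 was not.
$repo = new FileRepository();
$allowedUids = [1, 2];

$unpublished = ['downloaduid' => '3'];
echo 'vulnerable: ', downloadActionVulnerable($repo, $unpublished)?->path ?? 'denied', PHP_EOL;
echo 'hardened:   ', downloadActionHardened($repo, $unpublished, $allowedUids)?->path ?? 'denied', PHP_EOL;

$published = ['downloaduid' => '2'];
echo 'hardened:   ', downloadActionHardened($repo, $published, $allowedUids)?->path ?? 'denied', PHP_EOL;
```

Run with PHP 8.1 or later. The vulnerable handler returns the restricted record for an id that was never published, while the hardened handler denies it and still serves the published one. The essential control is the allow-list: validating the parameter's type is necessary but not sufficient, because a well-formed integer is exactly what an IDOR uses.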

Impact

Exploitation of this vulnerability allows for unauthorized downloading of files, potentially including sensitive or protected content.

Remediation

Users of the reint_downloadmanager extension are advised to update to version 4.0.2 or 5.0.1, available through the TYPO3 extension manager, Packagist, or directly from the TYPO3 Extensions Repository.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread:         0.0
impact:         2.5
exploitability: 6.2
remediation:    7.7
relevance:      0.0
threat:         0.0
urgency:        2.9
incentive:      1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.