TYPO3 Backup Plus Command Injection Vulnerability

Vulnerability

A command injection vulnerability has been identified in the TYPO3 Backup Plus extension (ns_backup), affecting versions through 13.0.2. The extension does not properly sanitize user input when creating backups, which allows malicious commands to be executed. Exploitation requires a valid administrator account.

Impact

Successful exploitation lets an attacker execute arbitrary commands on the server.

Remediation

Users are advised to update the TYPO3 Backup Plus extension to version 13.0.3, available through the TYPO3 extension manager, Packagist, or by downloading the ZIP file from the TYPO3 extensions repository.
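To confirm whether a Composer-based installation still pins an affected release, the following added example (not part of the original advisory or the extension's code) reads a composer.lock and classifies the ns_backup entry against the "through 13.0.2" range. It assumes the lock entry carries the usual TYPO3 `extra` / `typo3/cms` / `extension-key` field; the sample lock file and the package name `example-vendor/ns-backup` are constructed placeholders.

```python
import json
import re

EXT_KEY = "ns_backup"        # extension key named in the advisory
LAST_AFFECTED = (13, 0, 2)   # advisory: "affecting versions through 13.0.2"

def classify(version_text):
    """Map a composer.lock version string to affected / fixed / review."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", version_text.strip())
    if m is None:
        return "review"      # branch alias or pre-release: check by hand
    version = tuple(int(part) for part in m.groups())
    return "affected" if version <= LAST_AFFECTED else "fixed"

def find_extension(lock_text, ext_key=EXT_KEY):
    """Return (package, version, status) for lock entries with this extension key."""
    lock = json.loads(lock_text)
    hits = []
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        extra = pkg.get("extra")
        cms = extra.get("typo3/cms", {}) if isinstance(extra, dict) else {}
        if cms.get("extension-key") == ext_key:
            hits.append((pkg["name"], pkg["version"], classify(pkg["version"])))
    return hits

# Constructed sample lock file; "example-vendor/ns-backup" is a placeholder name.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "typo3/cms-core", "version": "v13.4.0",
         "type": "typo3-cms-framework",
         "extra": {"typo3/cms": {"extension-key": "core"}}},
        {"name": "example-vendor/ns-backup", "version": "13.0.2",
         "type": "typo3-cms-extension",
         "extra": {"typo3/cms": {"extension-key": "ns_backup"}}},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    for name, version, status in find_extension(SAMPLE_LOCK):
        print(f"{name} {version}: {status}")
```

Installations without Composer have no composer.lock; for those, compare the version shown in the TYPO3 extension manager against 13.0.3.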

Added: Sep 2, 2025, 9:19 AM
Updated: Sep 2, 2025, 4:27 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 4.8
remediation: 7.7
relevance: 0.5
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.