GHSA-67j3-jmm3-32xcMedium

TYPO3 ke_search path traversal from arbitrary table configuration input

Published
May 19, 2026
Last Modified
June 29, 2026

🔗 CVE IDs covered (1)

📋 Description

In TYPO3 faceted fulltext search (ke_search), theadditional_tables configuration of the page and tt_content indexers accept arbitrary table and field names. A backend user with permission to edit indexer configurations can copy sensitive data from internal TYPO3 tables into the search index. This has been patched in versions 7.0.1, 6.6.1, 5.6.2 and 4.6.7.

🎯 Affected products4

  • composer/tpwd/ke_search:>= 7.0.0, < 7.0.1
  • composer/tpwd/ke_search:>= 6.0.0, < 6.6.1
  • composer/tpwd/ke_search:>= 5.0.0, < 5.6.2
  • composer/tpwd/ke_search:< 4.6.7

🔗 References (4)