This Metasploit module exploits a flaw in the way the TYPO3 jumpurl feature matches hashes. Due to this flaw a Remote File Disclosure is possible by matching the juhash of 0. This flaw can be used to read any file that the web server user account has access to view.
1d35e4826d1070372d0738e9a084efbbc13270ebd02c2ba618026825dfdceb07
TYPO3 unauthenticated arbitrary file retrieval exploit. Affects versions 4.2.15, 4.3.7, and 4.4.4.
2a2b3e4555ad13f58b384edbe8d46660c60151646bfc4b76dba4acdbbd9df710
Debian Linux Security Advisory 2121-1 - Several remote vulnerabilities have been discovered in TYPO3.
9f31d86f0c9890972a141396443bf16c6f0211872ce29a88ba8d4f731d4bcd8d