CVE-2019-16700

Опубликовано: 16 окт. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

The slub_events (aka SLUB: Event Registration) extension through 3.0.2 for TYPO3 allows uploading of arbitrary files to the webserver. For versions 1.2.2 and below, this results in Remote Code Execution. In versions later than 1.2.2, this can result in Denial of Service, since the web space can be filled up with arbitrary files.

Ссылки

https://extensions.typo3.org/extension/slub_events
Third Party Advisory
https://typo3.org/security/advisory/typo3-ext-sa-2019-017/
Third Party Advisory
https://extensions.typo3.org/extension/slub_events
Third Party Advisory
https://typo3.org/security/advisory/typo3-ext-sa-2019-017/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:slub-dresden:slub_events:*:*:*:*:*:typo3:*:*

Версия до 3.0.2 (включая)

EPSS

Процентиль: 84%

0.02148

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-5pww-3mfc-g8vr