CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-11067 – Deserialization of Untrusted Data in TYPO3 CMS
https://notcve.org/view.php?id=CVE-2020-11067
In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that backend user settings (in $BE_USER->uc) are vulnerable to insecure deserialization. In combination with vulnerabilities of third party components, this can lead to remote code execution. A valid backend user account is needed to exploit this vulnerability. This has been fixed in 9.5.17 and 10.4.2. En TYPO3 CMS versiones 9.0.0 hasta 9.5.16 y versiones 10.0.0 hasta 10.4.1, ha sido detectado que la configuración del usuario del backend (en $BE_USER-)uc) es vulnerables a una deserialización no segura. • https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-2wj9-434x-9hvp • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2020-11066 – Improperly Controlled Modification of Dynamically-Determined Object Attributes in TYPO3 CMS
https://notcve.org/view.php?id=CVE-2020-11066
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, calling unserialize() on malicious user-submitted content can lead to modification of dynamically-determined object attributes and result in triggering deletion of an arbitrary directory in the file system, if it is writable for the web server. It can also trigger message submission via email using the identity of the web site (mail relay). Another insecure deserialization vulnerability is required to actually exploit mentioned aspects. This has been fixed in 9.5.17 and 10.4.2. En TYPO3 CMS versiones mayores o iguales a 9.0.0 y menores a 9.5.17 y versiones mayores o iguales a 10.0.0 y versiones menores a 10.4.2, al llamar la función unserialize() sobre un contenido malicioso enviado por el usuario puede conllevar a una modificación de determinados atributos de objeto y resultar en la eliminación de un directorio arbitrario en el sistema de archivos, si es escribible para el servidor web. • https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-2rxh-h6h9-qrqc • CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2020-11064 – Cross-Site Scripting in TYPO3 CMS
https://notcve.org/view.php?id=CVE-2020-11064
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, it has been discovered that HTML placeholder attributes containing data of other database records are vulnerable to cross-site scripting. A valid backend user account is needed to exploit this vulnerability. This has been fixed in 9.5.17 and 10.4.2. En TYPO3 CMS versiones mayores o iguales a 9.5.12 y menores a 9.5.17, y versiones mayores o iguales a 10.2.0 y versiones menores a 10.4.2, ha sido detectado que los atributos placeholder de HTML que contienen datos de otros registros de bases de datos son vulnerables a un ataque de tipo cross-site scripting. Es requerida una cuenta de usuario del back-end válida para explotar esta vulnerabilidad. • https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-43gj-mj2w-wh46 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-19849
https://notcve.org/view.php?id=CVE-2019-19849
An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the classes QueryGenerator and QueryView are vulnerable to insecure deserialization. One exploitable scenario requires having the system extension ext:lowlevel (Backend Module: DB Check) installed, with a valid backend user who has administrator privileges. The other exploitable scenario requires having the system extension ext:sys_action installed, with a valid backend user who has limited privileges. Se descubrió un problema en TYPO3 versiones anteriores a la versión 8.7.30, versiones 9.x anteriores a la versión 9.5.12 y versiones 10.x anteriores a la versión 10.2.2. • https://review.typo3.org/q/%2522Resolves:+%252389005%2522+topic:security https://typo3.org/security/advisory/typo3-core-sa-2019-026 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2019-19850
https://notcve.org/view.php?id=CVE-2019-19850
An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. Because escaping of user-submitted content is mishandled, the class QueryGenerator is vulnerable to SQL injection. Exploitation requires having the system extension ext:lowlevel installed, and a valid backend user who has administrator privileges. Se descubrió un problema en TYPO3 versiones anteriores a la versión 8.7.30, versiones 9.x anteriores a la versión 9.5.12 y versiones 10.x anteriores a la versión 10.2.2. Debido a que el escape del contenido enviado por el usuario es manejado inapropiadamente, la clase QueryGenerator es vulnerable a una inyección SQL. • https://review.typo3.org/q/%2522Resolves:+%252389452%2522+topic:security https://typo3.org/security/advisory/typo3-core-sa-2019-025 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •