Main Vulnerability Database SB2018101803

SB2018101803 - Deserialization of untrusted data in PharStreamWrapper Interceptor for TYPO3 CMS

Published: October 18, 2018

Security Bulletin ID SB2018101803

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Deserialization of untrusted data (CVE-ID: N/A)

The vulnerability allows a remote attacker to compromise vulnerable application.

The vulnerability exists due to Typo3 does not check content type of files and allows uploading of Phar files. A remote attacker with valid user account can upload a malicious phar file with a safe extension (e.g. jpg) and execute it on the system with privileges of the web server account.

Successful exploitation of the vulnerability allows remote PHP code execution but requires valid user credentials.

Remediation

Install update from vendor's website.

References

https://typo3.org/security/advisory/typo3-psa-2018-001/