Risk | High |
Patch available | YES |
Number of vulnerabilities | 7 |
CVE-ID | CVE-2019-12748 CVE-2019-12747 CVE-2019-10912 |
CWE-ID | CWE-79 CWE-284 CWE-94 CWE-502 |
Exploitation vector | Network |
Public exploit | Public exploit code for vulnerability #1 is available. |
Vulnerable software Subscribe |
TYPO3 Web applications / CMS |
Vendor | TYPO3 |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
EUVDB-ID: #VU18903
Risk: Medium
CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2019-12748
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data within the t3:// URL handling functionality. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
PoC:
t3://url/?url=javascript:alert(1);Mitigation
Install updates from vendor's website.
Vulnerable software versionsTYPO3: 8.3.0 - 9.5.7
External linkshttp://typo3.org/security/advisory/typo3-core-sa-2019-015/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU18901
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to sensitive information.
The vulnerability exists due to improper access restrictions when uploading files via the Import/Export module. A remote authenticated user can bypass ACL restrictions and access import functionality.
This vulnerability does not allow uploading of dangerous files, but can be used in conjunction with other issues to elevate privileges within the application using other vulnerabilities.
Install updates from vendor's website.
Vulnerable software versionsTYPO3: 9.3.0 - 9.5.7
External linkshttp://typo3.org/security/advisory/typo3-core-sa-2019-017/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU18904
Risk: Low
CVSSv3.1: 3.3 [CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID: N/A
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to another user's session.
The vulnerability exists due to the application does not delete the session identifier after user logs out and stores it in cookies. An attacker with access to victim's browser can obtain session identifier and gain access to victim's account.
MitigationInstall updates from vendor's website.
Vulnerable software versionsTYPO3: 8.5.0 - 9.5.7
External linkshttp://typo3.org/security/advisory/typo3-core-sa-2019-018/
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU18906
Risk: Medium
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation within the backend API (ext:backend) configuration using Page TSconfig. A remote authenticated attacker with access to modify values for fields pages.TSconfig and pages.tsconfig_includes can send a specially crafted request and execute arbitrary PHP or JavaScript code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsTYPO3: 8.0.0 - 9.5.7
External linkshttp://typo3.org/security/advisory/typo3-core-sa-2019-019/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU18907
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-12747
CWE-ID:
CWE-502 - Deserialization of Untrusted Data
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data within the FormEngine and DataHandle. A remote authenticated attacker can pass specially crafted data to the application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsTYPO3: 8.0.0 - 9.5.7
External linkshttp://typo3.org/security/advisory/typo3-core-sa-2019-020/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU18908
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to sensitive information.
The vulnerability exists due to improper access restrictions within the element information component used to display properties of a certain record. A remote authenticated attacker can gain access to potentially sensitive information, such as list of reference forms or records.
MitigationInstall updates from vendor's website.
Vulnerable software versionsTYPO3: 8.0.0 - 9.5.7
External linkshttp://typo3.org/security/advisory/typo3-core-sa-2019-014/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU18299
Risk: Medium
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-10912
CWE-ID:
CWE-502 - Deserialization of Untrusted Data
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to insecure call of the unserialize()
PHP function in untrusted user-input. A remote attacker can send specially crafted HTTP request to the affected system and delete arbitrary files on the system or display raw data output.
The vulnerability is caused by usage of a third-party component symfony/cache.
Update to version 9.5.8.
Vulnerable software versionsTYPO3: 9.4.0 - 9.5.7
External linkshttp://typo3.org/security/advisory/typo3-core-sa-2019-016/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.