SB2019121722 - Multiple vulnerabilities in TYPO3 TYPO3
Published: December 17, 2019 Updated: July 17, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Path traversal (CVE-ID: CVE-2019-19848)
The vulnerability allows a remote privileged user to execute arbitrary code.
An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the extraction of manually uploaded ZIP archives in Extension Manager is vulnerable to directory traversal. Admin privileges are required in order to exploit this vulnerability. (In v9 LTS and later, System Maintainer privileges are also required.)
2) Deserialization of Untrusted Data (CVE-ID: CVE-2019-19849)
The vulnerability allows a remote authenticated user to execute arbitrary code.
An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the classes QueryGenerator and QueryView are vulnerable to insecure deserialization. One exploitable scenario requires having the system extension ext:lowlevel (Backend Module: DB Check) installed, with a valid backend user who has administrator privileges. The other exploitable scenario requires having the system extension ext:sys_action installed, with a valid backend user who has limited privileges.
3) SQL injection (CVE-ID: CVE-2019-19850)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
Remediation
Install update from vendor's website.
References
- https://review.typo3.org/q/%2522Resolves:+%252388764%2522+topic:security
- https://typo3.org/security/advisory/typo3-core-sa-2019-024/
- https://review.typo3.org/q/%2522Resolves:+%252389005%2522+topic:security
- https://typo3.org/security/advisory/typo3-core-sa-2019-026/
- https://review.typo3.org/q/%2522Resolves:+%252389452%2522+topic:security
- https://typo3.org/security/advisory/typo3-core-sa-2019-025/