Main Vulnerability Database Vulnerabilities #VU31074

Input validation error in TYPO3 - CVE-2019-11832

Published: May 9, 2019 / Updated: July 17, 2020

Vulnerability identifier: #VU31074

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-11832

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: TYPO3

Affected software:
TYPO3

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 allows remote code execution because it does not properly configure the applications used for image processing, as demonstrated by ImageMagick or GraphicsMagick.

How to mitigate CVE-2019-11832

Install update from vendor's website.

Sources

http://www.securityfocus.com/bid/108305
https://typo3.org/security/advisory/typo3-core-sa-2019-012/

Input validation error in TYPO3 - CVE-2019-11832

Detailed vulnerability description

How to mitigate CVE-2019-11832

Sources

Please verify you're human