CVE-2019-11832
Published: 2019-05-09
Priority P3 46 | high | 7.5 CVSS 3.0
AV:N / AC:H / PR:N / UI:R / S:U / C:H / I:H / A:H
EPSS: 3.92% (89.0th percentile)
TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 allows remote code execution because it does not properly configure the applications used for image processing, as demonstrated by ImageMagick or GraphicsMagick.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| typo3 | cms | >= 8.0.0 < 8.7.25 | 8.7.25 |
| typo3 | cms | >= 9.0.0 < 9.5.6 | 9.5.6 |
| typo3 | cms-core | >= 8.0.0 < 8.7.25 | 8.7.25 |
| typo3 | cms-core | >= 9.0.0 < 9.5.6 | 9.5.6 |
| typo3 | typo3 | >= 8.0.0 < 8.7.25 | 8.7.25 |
| typo3 | typo3 | >= 9.0.0 < 9.5.6 | 9.5.6 |
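CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |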
GHSA
TYPO3 Image Processing susceptible to Code Execution
ghsa·2022-05-24
CVE-2019-11832 [HIGH] CWE-20 TYPO3 Image Processing susceptible to Code Execution
TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 is susceptible to remote code execution because it does not properly configure the applications used for image processing, as demonstrated by ImageMagick or GraphicsMagick.
For a successful exploit, the GhostScript binary `gs` must be available on the server system.
OSV
TYPO3 Image Processing susceptible to Code Execution
osv·2022-05-24
CVE-2019-11832 [HIGH] TYPO3 Image Processing susceptible to Code Execution
TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 is susceptible to remote code execution because it does not properly configure the applications used for image processing, as demonstrated by ImageMagick or GraphicsMagick.
For a successful exploit, the GhostScript binary `gs` must be available on the server system.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.