CVE-2019-11832 — Improper Input Validation in Typo3

CWE-20 — Improper Input Validation CWE-94 — Code Injection4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.9%

top 24.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Typo3 Typo3 CMS Typo3 Cms-core

Timeline

PublishedMay 9

Latest updateMay 24

Description

TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 allows remote code execution because it does not properly configure the applications used for image processing, as demonstrated by ImageMagick or GraphicsMagick.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages3 packages

▶Packagisttypo3/cms8.0.0 — 8.7.25+1

▶NVDtypo3/typo38.0.0 — 8.7.25+1

▶Packagisttypo3/cms-core8.0.0 — 8.7.25+1

🔴Vulnerability Details

GHSA

TYPO3 Image Processing susceptible to Code Execution↗2022-05-24

▶

OSV

TYPO3 Image Processing susceptible to Code Execution↗2022-05-24

▶

CVEList

CVE-2019-11832: TYPO3 8↗2019-05-09

▶