CVE-2019-12747 — Deserialization of Untrusted Data in CMS

Severity

8.8HIGHNVD

EPSS

1.6%

top 18.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedJul 9

Latest updateMay 24

Description

TYPO3 8.x through 8.7.26 and 9.x through 9.5.7 allows Deserialization of Untrusted Data.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

▶Packagisttypo3/cms8.0.0 — 8.7.27+1

▶Packagisttypo3/cms-core8.0.0 — 8.7.27+1

▶NVDtypo3/typo38.3.0 — 8.7.26+1

GHSA

TYPO3 Vulnerable to Insecure Deserialization↗2022-05-24

▶

OSV

TYPO3 Vulnerable to Insecure Deserialization↗2022-05-24

▶

CVEList

CVE-2019-12747: TYPO3 8↗2019-07-09

▶