Lucene search

[email protected]CVE-2020-11066

HistoryMay 14, 2020 - 12:15 a.m.

CVE-2020-11066

2020-05-1400:15:11

CWE-1321

CWE-915

[email protected]

web.nvd.nist.gov

114

cve-2020-11066

typo3 cms

insecure deserialization

arbitrary directory deletion

email message submission

nvd

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H

9.3 High

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

JSON

In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, calling unserialize() on malicious user-submitted content can lead to modification of dynamically-determined object attributes and result in triggering deletion of an arbitrary directory in the file system, if it is writable for the web server. It can also trigger message submission via email using the identity of the web site (mail relay). Another insecure deserialization vulnerability is required to actually exploit mentioned aspects. This has been fixed in 9.5.17 and 10.4.2.

CPE configuration

Vulners

NVD

typo3typo3Range9.0.0–9.5.17

typo3typo3Range10.0.0–10.4.2

VendorProductVersionCPE
typo3typo3*cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*
typo3typo3*cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
typo3	typo3	*	cpe:2.3:a:typo3:typo3::::::::
typo3	typo3	*	cpe:2.3:a:typo3:typo3::::::::

CNA Affected

[
  {
    "product": "TYPO3 CMS",
    "vendor": "TYPO3",
    "versions": [
      {
        "status": "affected",
        "version": ">= 9.0.0, < 9.5.17"
      },
      {
        "status": "affected",
        "version": ">= 10.0.0, < 10.4.2"
      }
    ]
  }
]