9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
8 High
AI Score
Confidence
Low
0.008 Low
EPSS
Percentile
81.4%
TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 is susceptible to remote code execution because it does not properly configure the applications used for image processing, as demonstrated by ImageMagick or GraphicsMagick.
For a successful exploit, the GhostScript binary gs
must be available on the server system.
CPE | Name | Operator | Version |
---|---|---|---|
typo3/cms | lt | 9.5.6 | |
typo3/cms | lt | 8.7.25 | |
typo3/cms-core | lt | 9.5.6 | |
typo3/cms-core | lt | 8.7.25 |
github.com/advisories/GHSA-3w4h-r27h-4r2w
github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-11832.yaml
github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-11832.yaml
github.com/github/advisory-database/pull/3530
github.com/TYPO3/typo3/commit/2c04eeac44733fda491f92c697f88c1337d19c79
github.com/TYPO3/typo3/commit/51fdb774a57ee30e8d60c0e33b4a0b92d775739e
github.com/TYPO3/typo3/commit/e845d90b82b2f72ab12a9e37f15082297832beca
nvd.nist.gov/vuln/detail/CVE-2019-11832
typo3.org/security/advisory/typo3-core-sa-2019-012
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
8 High
AI Score
Confidence
Low
0.008 Low
EPSS
Percentile
81.4%