Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2020-15086
HistoryJul 29, 2020 - 5:15 p.m.

CVE-2020-15086

2020-07-2917:15:13
CWE-20
CWE-200
CWE-502
CWE-325
[email protected]
web.nvd.nist.gov
3
typo3
mediace
extension
cve-2020-15086
vulnerability
remote code execution
extbase
plugin
module action

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.115

Percentile

95.3%

JSON

In TYPO3 installations with the “mediace” extension from version 7.6.2 and before version 7.6.5, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. The allows to inject arbitrary data having a valid cryptographic message authentication code and can lead to remote code execution. To successfully exploit this vulnerability, an attacker must have access to at least one Extbase plugin or module action in a TYPO3 installation. This is fixed in version 7.6.5 of the “mediace” extension for TYPO3.

Affected configurations

Nvd
Node
typo3mediaceRange7.6.27.6.5typo3
VendorProductVersionCPE
typo3mediace*cpe:2.3:a:typo3:mediace:*:*:*:*:*:typo3:*:*

Related

osv 2
friendsofphp 2
prion 1
cve 1
veracode 2
cvelist 1
github 1
typo3 2
osv
osv
CVE-2020-15086
2020-07-29 17:15:13
Potential Remote Code Execution in TYPO3 with mediace extension
2020-07-29 16:15:12
friendsofphp
friendsofphp
Sensitive Information Disclosure in extension "Media Content Element" (mediace)
2020-07-16 07:31:32
Sensitive Information Disclosure in extension "Media Content Element" (mediace)
2020-07-16 07:31:32
prion
prion
Design/Logic Flaw
2020-07-29 17:15:00
cve
cve
CVE-2020-15086
2020-07-29 17:15:13
veracode
veracode
Remote Code Execution
2020-08-03 06:13:19
Remote Code Execution (RCE)
2020-07-30 04:30:14
cvelist
cvelist
CVE-2020-15086 Potential Remote Code Execution in TYPO3 with mediace extension
2020-07-29 16:15:30
github
github
Potential Remote Code Execution in TYPO3 with mediace extension
2020-07-29 16:15:12
typo3
typo3
Sensitive Information Disclosure in extension "Media Content Element" (mediace)
2020-07-28 00:00:00
Critical vulnerability in legacy versions of TYPO3 CMS
2020-07-28 00:00:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.115

Percentile

95.3%

JSON
Related for NVD:CVE-2020-15086
osv2friendsofphp2prion1cve1veracode2cvelist1github1typo32