Lucene search
GoogleOSV:GHSA-2WJ9-434X-9HVPHistoryMay 13, 2020 - 11:29 p.m.
Insecure Deserialization in Backend User Settings in TYPO3 CMS
2020-05-1323:29:04
Google
osv.dev
19
0.007 Low
EPSS
Percentile
79.6%
It has been discovered that backend user settings (in $BE_USER->uc) are vulnerable to insecure deserialization. In combination with vulnerabilities of 3rd party components this can lead to remote code execution. A valid backend user account is needed to exploit this vulnerability.
Update to TYPO3 versions 9.5.17 or 10.4.2 that fix the problem described.
References
References
github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2020-11067.yaml
github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2020-11067.yaml
github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-2wj9-434x-9hvp
nvd.nist.gov/vuln/detail/CVE-2020-11067
typo3.org/security/advisory/typo3-core-sa-2020-005
Related
typo3
typo3
Insecure Deserialization in Backend User Settings
2020-05-12 00:00:00
prion
prion
Deserialization of untrusted data
2020-05-14 00:15:00
cve
cve
CVE-2020-11067
2020-05-14 00:15:11
veracode
veracode
Insecure Deserialization
2020-05-14 07:03:03
osv
osv
CVE-2020-11067
2020-05-14 00:15:11
BIT-typo3-2020-11067
2024-03-06 11:11:55
cvelist
cvelist
CVE-2020-11067 Deserialization of Untrusted Data in TYPO3 CMS
2020-05-13 23:25:13
friendsofphp
friendsofphp
TYPO3-CORE-SA-2020-005: Insecure Deserialization in Backend User Settings
2020-05-12 09:21:27
TYPO3-CORE-SA-2020-005: Insecure Deserialization in Backend User Settings
2020-05-12 09:21:27
github
github
Insecure Deserialization in Backend User Settings in TYPO3 CMS
2020-05-13 23:29:04
nvd
nvd
CVE-2020-11067
2020-05-14 00:15:11
openvas
openvas
nessus
nessus
TYPO3 9.x < 9.5.17 / 10.x < 10.4.2 Multiple Vulnerabilities
2020-07-13 00:00:00
freebsd
freebsd
typo3 -- multiple vulnerabilities
2020-05-12 00:00:00