Lucene search
RIPS Technologies BlogRIPSTECH:37A80EB4FAB89E010FAA3B3C872B41EAHistoryJul 16, 2019 - 3:11 p.m.
TYPO3 9.5.7: Overriding the Database to Execute Code
2019-07-1615:11:00
RIPS Technologies Blog
blog.ripstech.com
61
0.001 Low
EPSS
Percentile
32.6%
Affected are TYPO3 8.x through 8.7.26, and TYPO3 9.x through 9.5.7. A deserialization of untrusted data leads to a Remote Code Execution vulnerability, which can be combined with a Cross-Site Scripting vulnerability that was also detected in the backend (CVE-2019-12748). The truncated analysis results are available in our RIPS demo application. Please note that we limited the results to the issues described in this post in order to ensure a fix is available.
Related
osv
osv
CVE-2019-12748
2019-07-09 15:15:10
Typo3 Cross-Site Scripting in Link Handling
2022-05-24 22:00:13
nessus
nessus
TYPO3 8.3 < 8.7.27 / 9.x < 9.5.8 XSS (TYPO3-CORE-SA-2019-015)
2020-07-21 00:00:00
github
github
Typo3 Cross-Site Scripting in Link Handling
2022-05-24 22:00:13
cvelist
cvelist
CVE-2019-12748
2019-07-09 14:22:00
friendsofphp
friendsofphp
Cross-Site Scripting in Link Handling
2019-06-25 06:38:52
Cross-Site Scripting in Link Handling
2019-06-25 06:38:52
openvas
openvas
TYPO3 8.3.x <= 8.7.26 and 9.x.x <= 9.5.7 XSS Vulnerability
2019-07-11 00:00:00
veracode
veracode
Cross-Site Scripting (XSS)
2019-07-10 06:54:27
cve
cve
CVE-2019-12748
2019-07-09 15:15:00
prion
prion
Cross site scripting
2019-07-09 15:15:00
typo3
typo3
Cross-Site Scripting in Link Handling
2019-06-25 00:00:00
freebsd
freebsd
TYPO3 -- multiple vulnerabilities
2019-06-28 00:00:00