TYPO3 Path Traversal Vulnerability

TYPO3 is a free and open source content management system written in PHP under the GNU General Public License. A path traversal vulnerability exists in the extraction of manually uploaded ZIP archive files in Extension Manager in TYPO3 versions prior to 8.7.30, 9.x versions prior to 9.5.12, and...

TYPO3 code issue vulnerability (CNVD-2020-04075)

TYPO3 is a free and open source content management system framework CMS/CMF of the Swiss TYPO3 Association. A security vulnerability exists in the QueryGenerator and QueryView classes in TYPO3 versions prior to 8.7.30, 9.x versions prior to 9.5.12, and 10.x versions prior to 10.2.2. An attacker...

CVE-2019-19850

An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. Because escaping of user-submitted content is mishandled, the class QueryGenerator is vulnerable to SQL injection. Exploitation requires having the system extension ext:lowlevel installed, and a valid backe...

CVE-2019-19850

An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. Because escaping of user-submitted content is mishandled, the class QueryGenerator is vulnerable to SQL injection. Exploitation requires having the system extension ext:lowlevel installed, and a valid backe...