4 matches found
Insecure Deserialization
typo3/cms-core is vulnerable to insecure deserialization. The vulnerability is possible when the unserialize method is invoked on the malicious user provided-content with Class destructors, leading to a deletion of arbitrary directory in file system and to message submission via email, using the...
GHSA-2RXH-H6H9-QRQC Class destructors causing side-effects when being unserialized in TYPO3 CMS
Calling unserialize on malicious user-submitted content can result in the following scenarios: - trigger deletion of arbitrary directory in file system if writable for web server - trigger message submission via email using identity of web site mail relay Another insecure deserialization...
TYPO3-CORE-SA-2020-004: Class destructors causing side-effects when being unserialized
More info at https://typo3.org/security/advisory/typo3-core-sa-2020-004...
TYPO3-CORE-SA-2020-004: Class destructors causing side-effects when being unserialized
More info at https://typo3.org/security/advisory/typo3-core-sa-2020-004...