4 matches found
CVE-2020-11067
In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that backend user settings in $BEUSER-uc are vulnerable to insecure deserialization. In combination with vulnerabilities of third party components, this can lead to remote code execution. A valid backend user...
TYPO3 9.x < 9.5.17 / 10.x < 10.4.2 Multiple Vulnerabilities
The version of TYPO3 installed on the remote host is 9.x prior to 9.5.17 or 10.x prior to 10.4.2. It is, therefore, affected by multiple vulnerabilities: - A cross-site scripting XSS vulnerability exists in Typo3's form engine component due to improper validation of user-supplied input before...
CVE-2020-11067
TYPO3 CMS CVE-2020-11067 affects backend user settings (BE_USER->uc) deserialization in TYPO3 9.0.0–9.5.16 and 10.0.0–10.4.1, enabling remote code execution when combined with third‑party component vulnerabilities, exploitable by a valid backend user account. The issue has been fixed in TYPO3 ...
CVE-2020-11067 Deserialization of Untrusted Data in TYPO3 CMS
In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that backend user settings in $BEUSER-uc are vulnerable to insecure deserialization. In combination with vulnerabilities of third party components, this can lead to remote code execution. A valid backend user...