Lucene search
Veracode Vulnerability DatabaseVERACODE:25410HistoryMay 14, 2020 - 4:41 a.m.
Insecure Deserialization
2020-05-1404:41:41
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
18
0.001 Low
EPSS
Percentile
44.0%
typo3/cms-core is vulnerable to insecure deserialization. The vulnerability is possible when the unserialize method is invoked on the malicious user provided-content with Class destructors, leading to a deletion of arbitrary directory in file system and to message submission via email, using the identity of web site.
| CPE | Name | Operator | Version |
|---|---|---|---|
| typo3/cms-core | le | 9.5.16 | |
| typo3/cms-core | le | 10.4.1 | |
| typo3/cms-core | le | 9.5.16 | |
| typo3/cms-core | le | 10.4.1 |
Related
cve
cve
CVE-2020-11066
2020-05-14 00:15:11
github
github
Class destructors causing side-effects when being unserialized in TYPO3 CMS
2020-05-13 23:18:38
friendsofphp
friendsofphp
osv
osv
Class destructors causing side-effects when being unserialized in TYPO3 CMS
2020-05-13 23:18:38
CVE-2020-11066
2020-05-14 00:15:11
BIT-typo3-2020-11066
2024-03-06 11:11:59
nvd
nvd
CVE-2020-11066
2020-05-14 00:15:11
typo3
typo3
Class destructors causing side-effects when being unserialized
2020-05-12 00:00:00
prion
prion
Deserialization of untrusted data
2020-05-14 00:15:00
cvelist
cvelist
openvas
openvas
nessus
nessus
TYPO3 9.x < 9.5.17 / 10.x < 10.4.2 Multiple Vulnerabilities
2020-07-13 00:00:00
freebsd
freebsd
typo3 -- multiple vulnerabilities
2020-05-12 00:00:00