typo3/cms-core is vulnerable to insecure deserialization. The vulnerability is possible when the unserialize method is invoked on the malicious user provided-content with Class destructors, leading to a deletion of arbitrary directory in file system and to message submission via email, using the identity of web site.
CPE | Name | Operator | Version |
---|---|---|---|
typo3/cms-core | le | 9.5.16 | |
typo3/cms-core | le | 10.4.1 | |
typo3/cms-core | le | 9.5.16 | |
typo3/cms-core | le | 10.4.1 |