friendsoftypo3/mediace is vulnerable to remote code execution. An attacker who has access to Extbase
plugin or module action within a TYPO3 installation is able to execute arbitrary code by injecting arbitrary data with a valid cryptographic MAC. The vulnerability exists due to an insecure internal verification mechanism.