Description

TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 allows remote code execution because it does not properly configure the applications used for image processing, as demonstrated by ImageMagick or GraphicsMagick.

Remediation

References

CVE-2019-11832

Related Vulnerabilities

WordPress Plugin Five Star Restaurant Menu-WordPress Ordering Remote Code Execution (2.2.0)

Atlassian Jira Exposure of Resource to Wrong Sphere Vulnerability (CVE-2021-39127)

concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-5108)

Sqlite Missing Release of Memory after Effective Lifetime Vulnerability (CVE-2021-45346)

Jboss EAP Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2019-9516)

Severity

High

Classification

CVE-2019-11832 CWE-20 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities