Description

TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 allows remote code execution because it does not properly configure the applications used for image processing, as demonstrated by ImageMagick or GraphicsMagick.

Remediation

References

CVE-2019-11832

Related Vulnerabilities

Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-42116)

Oracle Database Server CVE-2012-0082 Vulnerability (CVE-2012-0082)

PHP NULL Pointer Dereference Vulnerability (CVE-2018-10548)

Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-38269)

OpenSSL Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-1473)

Severity

High

Classification

CVE-2019-11832 CWE-20 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities